Abstract

This paper explores the connection between two central results in the proof theory of classical logic:
Gentzen's cut-elimination for the sequent calculus and Herbrand's "fundamental theorem". Starting from
Miller's expansion-tree proofs, a highly structured presentation of Herbrand's theorem, we define a
calculus of weakening-free proof nets for (prenex) first-order classical logic, and give a weakly-normalizing
cut-elimination procedure. It is not possible to formulate the usual counterexamples to confluence of
cut-elimination in this calculus, but it is nonetheless nonconfluent, lending credence to the view that
classical logic is inherently nonconfluent.



1 Introduction 



The constructive content of an intuitionistic proof of an existential statement $\exists x.A$ is well-understood:
the existence property for intuitionistic logic states that a cut-free proof of $\exists x.A$ is precisely a pair of a
witness $M$ and a proof of $A[x := M]$. This is, of course, not true for classical logic; a famous example is
the problem "there exists a pair of irrational numbers $a$ and $b$ such that $a^b$ is rational". The standard
proof is to first give $\sqrt{2}, \sqrt{2}$ as a candidate pair. If $\sqrt{2}^{\sqrt{2}}$ is rational we are done: if it is irrational, we
abandon our first candidates and instead pick the pair $\sqrt{2}^{\sqrt{2}}, \sqrt{2}$. This is an instance of backtracking,
and is only possible because we admit the identity $A = \neg\neg A$ on propositions.

In a sense, the counterpart of the existence property in classical logic is Herbrand's theorem. In its
simplest form, Herbrand's theorem states that a formula of first-order logic $\exists x.A$, where $A$ is quantifier
free, is provable if and only if there exist formulae $M_1, \dots, M_n$ such that

$$\vDash A[x := M_1] \vee \dots \vee A[x := M_n].$$

This simple form of Herbrand's theorem does not do the full generality of the theorem justice, but it
gives a flavour of its content: a classical proof of an existential does not consist of a single witness,
but a set of candidate witnesses, plus a proof that at least one of them is an actual witness. This is
complicated by the fact that the witnesses may interact: observe this in the proof above, where the
failure of $(\sqrt{2}, \sqrt{2})$ is necessary to show that $(\sqrt{2}^{\sqrt{2}}, \sqrt{2})$ is a witness. An example from pure logic of
this interaction is the so-called "drinker's formula"

$$\exists x.\forall y(A(x) \to A(y)).$$

To prove this formula, we first guess a witness $a$ (the domain of individuals should be nonempty, to allow
this). If there is a counterexample (an individual $b$ such that $A(b)$ does not hold), we backtrack and
instead pick $b$ to instantiate the existential quantifier. That we can backtrack is expressed logically by
contraction: we can prove $\exists x.A$ if and only if we can prove $\exists x.A \vee \exists x.A$.

It is well known that a more general "Herbrand's theorem" for prenex formulae follows directly from 
Gentzen's cut-elimination theorem, or more properly the Midsequent theorem. This is usually stated in 
terms of permutability of inference rules, but it can be more succinctly stated as follows: 

Theorem 1. The cut-free sequent system given in Figure 1 is complete for prenex formulae.

Figure 1: A midsequent calculus $\mathrm{LK}_{mid}$, sound and complete for prenex classical logic

A proof of a prenex formula $q_1 x_1 \dots q_n x_n.B$ in this calculus yields, for each provable formula, a set
of instantiated versions of $B$ whose disjunction is a tautology (or more generally, a quasi-tautological
consequence of the relevant universal theory). Any proof of a prenex formula in the usual sequent
calculus may be converted to a proof in the system in Figure 1 by permuting the quantifier rules below
the propositional rules, and then observing that any consequence of the propositional rules is a sequent
whose disjunction is a tautology.

Herbrand's theorem is usually stated in terms of provability: a first-order formula (typically $\Pi_2$) is
provable in a certain theory if and only if an extension of that theory can be found such that some
Herbrand disjunction of the formula is provable in the theory. But the original theorem [13] was stated
in terms of a proof system, with an associated notion of Herbrand proof [3]. This paper examines these
Herbrand proofs from a modern perspective, answering positively the question: do Herbrand proofs have
syntactic cut-elimination?

The notion of Herbrand proof was adopted, improved and extended by Miller [19], and it is indeed
a variation on his notion of expansion-tree proof which we will take as our proof objects. Miller called
expansion-trees a "Compact Representation of Proofs"; when moving from sequents to expansion trees,
a lot of inessential details regarding the order of application of rules is discarded. Another representation
of proofs with this property is the paradigm of Girard's proof nets [10]. In this paper we make an explicit
connection between these two previously unconnected notions. Our proof objects, Herbrand nets, are
proof nets in the style of Girard; the cut-free nets are essentially expansion-tree proofs.

We can view the paper from one further perspective: that of controlling/studying the bad properties of 
classical sequent systems. The major hurdle for studying the computational content of the cut-elimination 
system of Gentzen is that it lacks both of the usual "good properties" of proof systems: it is neither
confluent nor strongly normalizing, and because of this a proof may in general have infinitely many
normal forms, where normal means cut-free. One might observe that many of these normal forms differ 
only by inessential details, such as the order of rule applications, yet there is no universally accepted 
notion of equality (or, better, equivalence) of proofs in classical logic, even in the cut-free case. 

The typical examples of bad behaviour in Gentzen's system arise by opposing structural rules in a 
cut, leading to critical pairs which cannot be resolved, and so an evident solution to this problem is 
to orient these critical pairs: such an approach is taken by Curien and Herbelin's $\bar{\lambda}\mu\tilde{\mu}$-calculus, which
gives a kind of sequent calculus for classical logic which is indeed strongly normalizing and has natural
confluent subsystems, corresponding to call-by-name and call-by-value evaluation. Systems like these
support the notion that proofs in classical logic have computational content as functional programs
with control. But Curien and Herbelin's system is very restricted when compared to Gentzen's: a proof
in this system is assigned a term of $\bar{\lambda}\mu\tilde{\mu}$, and rule permutations that are natural in Gentzen's system do
not preserve this annotation: thus proofs which one would naturally like to identify are given different
behaviours.

It is natural to ask if the kind of orientation found in $\bar{\lambda}\mu\tilde{\mu}$ can be had without these structural
restrictions. This paper begins with the observation that the calculus in Figure 1 contains redundant
rules: in particular, the contraction rule is unnecessary on universally quantified formulae, since the rule
for the universal is invertible. Thus, at least for quantified cut formulae, each formula has a natural
"orientation" derived from the polarity of the cut formula (where, roughly speaking, a connective is
negative if it has an invertible rule on the right-hand side of the turnstile, and a formula negative if
its main connective is). Based on this observation, we show an annotation of the formulae in proofs
of the midsequent calculus, with the initial idea being that two cut-free proofs are equivalent if their
endsequents receive the same annotation. We then consider the annotated sequents themselves as proof
structures, calling the resulting class of nets Herbrand nets, and develop for them a theory of correctness
and sequentialization. By harnessing the notion of kingdom, the smallest subnet containing a certain
formula, we give cut-reduction steps directly on Herbrand nets, and prove cut-elimination. We will then
see an example proof which, despite lacking the usual critical pairs, reduces nondeterministically. We
also consider the tactic of duplicating the largest possible subnet (the empire), which we will see may
lead to infinite reduction traces.

1.1 Related work 

Strassburger [21] has adapted expansion tree proofs to give a notion of proof net for second-order
propositional MLL.

Structures similar to those we present here are also studied in Heijltjes (under the name "Forest
proofs") [11, 12], but from a rather different perspective. We will discuss in depth the differences in these
two pieces of work later: for now we simply state that our two approaches represent two different ways
to repair an intuitive but flawed idea for cut-elimination in expansion-tree proofs. Similar connections
between Herbrand's theorem and abstract proof objects for predicate logic were suggested in [14].

2 Preliminary definitions 

2.1 Prenex formulae of classical first-order logic 

A signature $\Sigma = (V, FS, PS)$ consists of

• $V$, a countable set of variable symbols.

• $FS$, a countable collection of function symbols, together with a function $ar$ (arity) from $FS$ to the
natural numbers.

• $PS$, a countable set of predicate symbols, together with a function $Ar$ from $PS$ to the natural
numbers.

A constant of a signature $\Sigma$ is a function symbol with arity zero. We will use metavariables $x, y, z, a, b$
to denote variable symbols, $f, g$ to denote function symbols, and $p, q$ to denote predicate symbols. The
first-order terms of $\Sigma$ are given by the following grammar:

$$M ::= x \mid f(M_1, \dots, M_{ar(f)}).$$

Given a term $M$, the free variables of $M$ (written $\mathrm{free}(M)$) are defined as follows:

$$\mathrm{free}(x) = \{x\},$$

$$\mathrm{free}(f(M_1, \dots, M_n)) = \mathrm{free}(M_1) \cup \dots \cup \mathrm{free}(M_n).$$

An atomic formula can be either positive or negative, and is a tuple consisting of a polarity from
$\{+, -\}$, a predicate symbol $p$ of arity $n$, and $n$ terms $M_1, \dots, M_n$. We will write an atomic formula
$(+, p, M_1, \dots, M_n)$ as $p(M_1, \dots, M_n)$, and an atomic formula $(-, q, N_1, \dots, N_n)$ as $\bar{q}(N_1, \dots, N_n)$.

The quantifier-free formulae (QFFs) are generated from the atomic formulae using the connectives $\wedge$
and $\vee$:

$$P, Q ::= p(M_1, \dots, M_{Ar(p)}) \mid \bar{p}(M_1, \dots, M_{Ar(p)}) \mid (P \vee Q) \mid (P \wedge Q)$$

Notice that we give no explicit connective for negation, presenting instead the formulae of classical logic
in negation normal form. Each formula $A$ has a dual formula $\bar{A}$ defined by De Morgan duality:

$$\overline{p(M_1, \dots, M_n)} := \bar{p}(M_1, \dots, M_n), \qquad \overline{\bar{p}(M_1, \dots, M_n)} := p(M_1, \dots, M_n),$$

$$\overline{(P \vee Q)} := (\bar{P} \wedge \bar{Q}), \qquad \overline{P \wedge Q} := \bar{P} \vee \bar{Q}.$$

A formula in prenex normal form (or prenex formula for short) is a member of the following grammar,
where $x$ ranges over the variables in $V$ and $P$ over QFFs:

$$A ::= P \mid \exists x.A \mid \forall x.A$$

The dual of a prenex formula is defined, as for QFFs, using De Morgan duality:

$$\overline{\forall x.A} := \exists x.\bar{A}, \qquad \overline{\exists x.A} := \forall x.\bar{A}$$

We will use $qx$ to refer to an indeterminate quantifier over $x$ ($q$ is either $\forall x$ or $\exists x$). Given a prenex
formula $A = q_1 x_1 \dots q_n x_n.P$, we call $P$ the matrix of $A$.

The bound and free variables of a prenex formula are defined as usual: 

Definition 2. Let $A$ be a formula in prenex normal form. The set of free variables $\mathrm{free}(A)$ of $A$ is a
set of variable symbols defined as follows:

$$\mathrm{free}(p(M_1, \dots, M_n)) = \mathrm{free}(\bar{p}(M_1, \dots, M_n)) = \mathrm{free}(M_1) \cup \dots \cup \mathrm{free}(M_n)$$

$$\mathrm{free}(P \wedge Q) = \mathrm{free}(P \vee Q) = \mathrm{free}(P) \cup \mathrm{free}(Q)$$

$$\mathrm{free}(\forall x.A) = \mathrm{free}(\exists x.A) = \mathrm{free}(A) \setminus \{x\}$$

The set of bound variables $\mathrm{bound}(P)$ of a QFF $P$ is the empty set. For an arbitrary prenex formula $A$,
$\mathrm{bound}(A)$ is the set of variable symbols defined as follows:

$$\mathrm{bound}(\forall x.A) = \mathrm{bound}(\exists x.A) := \mathrm{bound}(A) \cup \{x\}$$

Notice that, because of the way prenex formulae are built, for any prenex formula $A$ we have
$\mathrm{free}(A) \cap \mathrm{bound}(A) = \emptyset$. We will use the notation $A[x := M]$ for the usual notion of capture avoiding
substitution of a first-order term $M$ for a variable $x$ in a formula.

2.2 Trees and terms, forests and sequents 

For us, a forest will be a pair $(A, pr)$ consisting of a set $A$ and a partial endofunction $pr$ (predecessor) on
$A$ (the elements of $A$ on which $pr$ is undefined being the roots) such that, for each element $x$ of $A$, there
is an $n \ge 0$ such that $pr^n(x)$ is a root. Clearly, a forest with one root is a tree. Given a $y$ such that
$pr(x) = y$, we will say that $x$ is a successor of $y$. A forest possesses a natural order structure derived
from its predecessor: $x \le y$ if there exists $n \ge 0$ with $x = pr^n(y)$.

The trees we deal with will be derived from subterms of terms or subformulae of formulae. For
example, given a formula $X$, denote its set of occurrences of subformulae $O_X$. This set has a natural tree
structure (we write $pr_X$ for its predecessor and $\le_X$ for its order) whose root is the formula $X$, and where
$Z \le_X Y$ means "$Y$ is a subformula of $Z$". Similarly, if $t$ is a term, we denote its natural tree structure
by $(O_t, pr_t)$, and the order on its subterms $\le_t$.

We mention here our approach to multisets. It is usual to define a sequent as a multiset of formulae,
without worrying too much about what a multiset is, when in fact there are several notions of multiset
with differing properties. For example, we might consider a finite multiset of formulae to be a function
(multiplicity) from the set of formulae to the set of the natural numbers which is zero on all but a finite set
of formulae. This is fine for many applications, but disastrous for analysing proofs. For example, if from
a sequent $\Gamma, A$, we derive $\Gamma, A, A$ by weakening and then $\Gamma, A \vee A$ by an application of a multiplicative
$\vee$ rule, how are we to know which disjunct arose from the weakening? The right notion of multiset in
this context allows us to distinguish between members of the multiset, without going so far as to order
them (for further discussion, see [16]). In this paper, we will think of sequents as forests of formulae: the
roots of the forest are then distinct vertices of the forest and can be distinguished. This corresponds, of
course, to a "right definition" of a multiset of formulae, and so we will write a sequent as $A_1, \dots, A_n$ as
usual.



3 Herbrand's Theorem and Herbrand proofs

The form of Herbrand's theorem we will use is the following: let $\Sigma$ be a signature containing at least
one constant, and let $T$ be a finite set of universal axioms. Herbrand's theorem is the following: a
prenex formula $A$ over $\Sigma$ is semantically entailed by $T$ ($T \vDash A$) if and only if $A$ has an Herbrand Proof
[3] over $T$, which is a triple consisting of an expansion, a prenexification, and a witnessing substitution.

Remark 1. This restriction to prenex formulae is necessary to have a connection between Herbrand 
proofs and standard sequent proofs; Herbrand's theorem for general formulae does not follow directly 
from the midsequent theorem. To prove Herbrand's theorem for general first-order formulae one can 
consider a generalized sequent-calculus with "deep" contraction; see [18].

We now define the constituents of an Herbrand proof, beginning with expansion: 

Definition 3. (a) A context is a prenex formula with precisely one occurrence of the special atomic
formula $\{\}$ (the hole). We write $A\{\}$ to denote a context.

(b) If $A\{\}$ is a context, $B$ a formula, we write $A\{B\}$ for the formula given by replacing the hole by $B$.

Definition 4. Let $A$ be a prenex formula. An expansion of $A$ is defined as follows:

• $A$ is an expansion of $A$;

• if $C\{\exists x.B\}$ is an expansion of $A$, then $C\{\exists x.B \vee \exists x.B\}$ is an expansion of $A$.

Given an arbitrary (not necessarily prenex) formula $A$ of classical predicate logic, a prenexification of
a formula $A$ is given by "pulling the quantifiers to the front":

Definition 5. Let $A$ be a formula of first-order classical logic. By renaming bound variables, we may write
$A$ such that each quantifier $q_i$ in $A$ binds a unique variable $x_i$ not appearing free in $A$. A prenexification
of $A$ is a prenex formula $A^*$ derived from this form of $A$ by applications of the following rewrites (where
$*$ is either $\wedge$ or $\vee$):

$$A * qx.B \to qx.(A * B) \qquad qx.A * B \to qx.(A * B)$$

A witnessing substitution for a closed prenex formula $A$ is a sequence of terms which, when substituted
into the matrix of $A$, make it valid, and which respects the order of quantifiers appearing in the prefix
of $A$:

Definition 6. Let $A = q_1 x_1 \dots q_n x_n.B(x_1, \dots, x_n)$ be a closed prenex formula. A witnessing substitution
for $A$ is a finite sequence $M_1, \dots, M_n$ of first-order terms such that

(a) $M_i = x_i$ if $q_i = \forall$

(b) $\mathrm{free}(M_j) \subseteq \{ x_i \mid q_i = \forall,\ i < j \}$

(c) $T \vDash B(M_1, \dots, M_n)$

Given these components, we may now state Herbrand's theorem:

Theorem 7 (Herbrand's theorem). Let $\Sigma$ be a signature containing at least one constant symbol, and
let $T$ be a finite set of universal axioms. Let $A$ be a closed prenex formula; then $T \vDash A$ if and only if $A$
has an Herbrand proof - a tuple $(A', A^*, \sigma)$ such that $A'$ is an expansion of $A$, $A^*$ is a prenexification of
$A'$, and $\sigma$ is a witnessing substitution for $A^*$.

One direction is easy: if a closed prenex formula $A$ has an Herbrand proof $(A', A^*, \sigma)$ then $T \vDash A$.
For we have $T \vDash A^*$, since $A^*$ has a witnessing substitution. Furthermore $T \vDash A^*$ if and only if $T \vDash A'$.
Lastly, $A' \to A$ is a classically valid implication. We postpone the other direction to Section 5.

Remark 2. While Herbrand proofs provide a satisfactory abstract account of Herbrand's theorem,
Herbrand proofs themselves are not a good candidate for abstract proof objects, since they lack canonicity.
Given an Herbrand proof, we can find another with essentially the same content by making permutations
in the quantifier prefix of the prenexification (such that it is still compatible with the witnessing
substitution). Such a permutation is the equivalent, in this setting, of a sequent calculus rule permutation.
Miller's expansion-tree proofs [15] provide a better notion of abstract proof, where a specific
prenexification is replaced by a demonstration that such a prenexification exists: an acyclicity check on the
dependencies on quantifiers induced by the substitution. In the following section, we give a reformulation
of expansion tree proofs and extend them to account for multiple conclusions and the presence of cuts. In
the presence of cuts, acyclicity is not enough to check correctness; instead, we treat a forest of expansion
trees as a proof structure, and use a form of proof-net correctness to identify those corresponding to
genuine proofs.

4 $\alpha\varepsilon$-terms

We take, in this paper, the position that a proof net is a forest with an additional linking structure.
This is most evident in MLL$^-$ with or without Mix, where the forest structure of a net is simply the
forest given by its conclusion, and the linking structure is given by the axiom links. Nets for MLL can
also be considered in this light, with the linking also indicating attachments for $\bot$. A pleasing aspect of
this approach is that, when considering proofs which are essentially identical (in this case, by a Trimble
rewiring) the forest remains constant, and only the linking changes.

In settings where we have contraction, such as Lamarche's essential nets [TB], or Robinson's nets for 
propositional classical logic [20], the forest structure of a net is more complex. In both these settings one
finds contraction nodes, of the form 

    A   A
     \ /
     Ctr
      |
      A

This is problematic from the point of view of canonical representation of proofs: in addition to any 
quotienting by rewiring weakenings (which occurs solely in the linking on the forest) , we must in addition 
quotient by identities between forests, such as those generated by the following identities of subtrees:

    A   A              A   A
     \ /                \ /
     Ctr        =       Ctr
      |                  |
      A   A          A   A
       \ /            \ /
       Ctr            Ctr
        |              |
        A              A

and

    Wk
     |
     A   A
      \ /      =    A
      Ctr
       |
       A

Such identifications are necessary, for example, to build a sensible category from Robinson's proof nets,
see [7]. The forest structure we suggest for representing contraction replaces the usual binary contraction
with an n-ary contraction. The suggestion to use an n-ary contraction is already present in [9], along with
an additional condition to enforce canonicity: a structural rule cannot provide the premise of another
structural rule.

4.1 $\alpha\varepsilon$-terms

In this section we define $\alpha\varepsilon$-terms, which consist of the expansion-trees (a reformulation of Miller's
expansion trees for the prenex first-order fragment of classical logic), cuts, and witnessing terms.

Definition 8 ($\alpha\varepsilon$-terms). Let $\Sigma = (V, FS, PS)$ be a signature, and let $I$ be a countable set of indices.
The $\alpha\varepsilon$-terms $t, \dots$ over $(\Sigma, I)$ (consisting of the expansion trees $p, \dots$, cuts $c, \dots$, and witnessing terms
$w, \dots$) are given by the following grammars:

$$t ::= p \mid w \mid c$$

$$p ::= S \mid \alpha[a].p \mid (w + \dots + w)$$

$$w ::= \varepsilon[M].p$$

$$c ::= p \bowtie p$$

where $S$ is a nonempty finite set of indices, $M$ is a first-order term over the signature, $a \in V$, and
$(w + \dots + w)$ denotes a finite nonempty formal sum (a member of the free commutative semigroup over
$w$). A non-cut term is either an expansion tree or a witnessing term.

The witnessing terms represent the components of (generalized) Herbrand disjunctions. We could of
course replace the formal sums of witnesses by nonempty finite multisets of witnesses, but this complicates
the notation a little. The reader more comfortable with multisets can think of $(w_1 + \dots + w_n)$ as the multiset
$\{w_1, \dots, w_n\}$, with the semigroup operation $+$ being interpreted as disjoint multiset union. We make an
explicit distinction between the witnessing term $\varepsilon[M].t$ and the expansion tree $(\varepsilon[M].t)$. We will refer to
a witnessing term not in the scope of a semigroup $+$ as a naked witness.

Remark 3. The reader might wonder why we have a commutative semigroup rather than commutative
monoid structure on expansion trees: why are we not allowed to form the empty formal sum as an expansion
tree (in multiset terms, why not also allow the empty multiset)? This would amount to explicit weakening
in our sequent calculus, and in the proof nets we will form from $\alpha\varepsilon$-terms. Weakening is notoriously
difficult to handle well in proof nets; as we will see, in this setting explicit weakening is not necessary.

4.2 Typing $\alpha\varepsilon$-terms

We now assign types to these terms. The type of an expansion tree is always a prenex formula. The
witnessing terms and cuts receive special non-logical types:

Definition 9. A type over $\Sigma = (\mathcal{X}, \mathcal{F}, \mathcal{R})$ is either

(a) A logical type; a formula of classical predicate logic in prenex normal form, over the signature (as
described in the preliminaries); or

(b) a non-logical type, of which there are two kinds:

i. A witness type, written $[\exists x.A]$, where $\exists x.A$ is a formula in prenex normal form; or
ii. A cut type; a pair of dual formulae of classical logic in prenex normal form, written $A \bowtie \bar{A}$.

We will occasionally need to refer to a type without specifying if it is logical or non-logical: in that case
we will use a capital $T$, reserving $A, B, C, \dots$ for those types which are prenex formulae.

The non-logical types are needed to type the witness and cut terms, respectively. We use the witness
types to distinguish between a naked witness, $\varepsilon[M].s$, which receives a witness type, and the expansion
tree $(\varepsilon[M].s)$, which receives a logical type. Only terms of witness type can take part in an expansion,
and only terms of logical type can take part in other logical rules; in this way, we avoid non-canonicity,
preventing the premise of an expansion from being, itself, the result of an expansion.

Each non-logical type has an underlying logical type:

Definition 10. The underlying type of a witness type $[\exists x.A]$ is $\exists x.A$. The underlying type of $A \bowtie \bar{A}$
is $A$. The free/bound variables free and bound of a witness/cut type are the free/bound variables of its
underlying type. We define substitution into witness/cut types in the obvious way:

$$[\exists x.A][y := M] = [\exists x.A[y := M]]$$

$$(A \bowtie \bar{A})[y := M] = A[y := M] \bowtie \bar{A}[y := M]$$

Definition 11. A typed term is a pair $t : T$ of a term $t$ and a type $T$, derivable in the typing system
given in Figure 2.

$$\frac{i_1, \dots, i_n \in I}{\{i_1, \dots, i_n\} : P}$$

Figure 2: Typing derivations for $\alpha\varepsilon$-terms

There are some terms that cannot be typed, for simple reasons. For example, the term $\alpha[a].t \bowtie \alpha[b].s$
can never be well-typed: a type for a term beginning with an $\alpha$ must be a formula of the form $\forall x.A$, and
two such formulae can never be dual.

Example 1. The following is a well-typed term, which will be an important example for us for the rest
of the paper. Its type is the drinker's formula mentioned in the introduction: for that reason we will call
it $D$, the drinker's term:

$$D = (\varepsilon[c].\alpha[a].\{1\} + \varepsilon[a].\alpha[b].\{1\}) : \exists x.\forall y(\bar{A}(x) \vee A(y))$$

We can now take advantage of the fact that terms can be seen as trees: Figure 3 gives typing tree
equivalents of the derivations in Figure 2. Viewed in this way, a typed term is a tree built from the
elements in Figure 3 by matching the types of the directed edges. Conversely, each typed term gives rise
to a tree of its typed subterms: in practice, we will annotate only the root with its type, as the types of
subterms can be inferred.

Example 2. The tree corresponding to the typed drinker's term $D$ is

As mentioned above, we consider sequents to be forests of formulae. Continuing this convention,
a proof structure (or prenet) in this system will consist of a forest of typed expansion-trees and cuts,
satisfying certain properties. By a forest of typed terms, we mean informally a multiset of typed terms,
and more formally, the following:

Definition 12. A typed forest $F$ is a forest in which each root is a typed term, with the tree above a
root being its typing tree.

Figure 3: Typing trees for $\alpha\varepsilon$-terms

4.3 Decorating sequent derivations with terms

We now use $\alpha\varepsilon$-terms to decorate the formulae appearing in sequent proofs of classical logic, just as one
may assign lambda terms to proofs of intuitionistic logic. This provides an elegant assignment of typed
forests to proofs. The proofs we annotate will be of a particular form; we restrict the system $\mathrm{LK}_{mid}$ in
Figure 1 to a subsystem in which weakening does not appear and contraction is restricted to existential
and quantifier-free formulae, and add term annotations. This system with term annotations, $\mathrm{LK}_H$, is
given in Figure 4. In the next section we will show that this system is complete for prenex formulae, and
in so doing give a function assigning a typed forest to any proof in $\mathrm{LK}_{mid}$.

The rules of $\mathrm{LK}_H$ operate not on sequents, but on the typed forests introduced in the previous
section. The rule

$$\frac{\vDash \bigvee_{j=1}^{n} P_j}{\{i\} : P_1, \dots, \{i\} : P_n}$$

is the tautology rule; it allows us to use any propositional tautology as an axiom, where the formulae $P_j$
are the QFFs of $\Sigma$. This is the tautology rule in the absence of axioms. Given a finite set $T$ of universal
axioms, we can replace the tautology rule with

$$\frac{T \vDash \bigvee_{j=1}^{n} P_j}{\{i\} : P_1, \dots, \{i\} : P_n}$$

to give a calculus for proofs in the theory $T$. Once we do this, it is easy to see that the forgetful
projection of a rule in $\mathrm{LK}_H$ (where we simply remove the annotating term from every formula, and
remove all cut-terms) is a rule of $\mathrm{LK}_{mid}$.

For the annotation of formulae to be well behaved (in a sense that will be explained below), we must 
treat eigenvariables strictly: each instance of the universal quantifier should have a unique associated 
eigenvariable, and that eigenvariable should only appear free in the subproof above the rule introducing 
that quantifier. We will also insist that each instance of the tautology rule has a unique index. 

Definition 13. A proof in $\mathrm{LK}_H$ is a tree built from rule instances from Figure 4, with instances of the
tautology rule at the leaves. A proof $\Phi$ is strict if

(i) each tautology rule in $\Phi$ is labelled with a distinct index $i$,

(ii) each $\alpha$ in $\Phi$ binds a distinct eigenvariable $a$,

(iii) an eigenvariable $a$ may not appear free in the type of any sequent outside the subproof above the
rule introducing $\alpha[a]$.

$$F,\ t + s : \exists x.A \qquad\qquad F,\ S \cup T : P$$

$$\frac{F,\ t : A \qquad G,\ s : \bar{A}}{F,\ G,\ t \bowtie s : A \bowtie \bar{A}}\ \mathrm{Cut}$$

Figure 4: $\mathrm{LK}_H$: An annotated sequent calculus for prenex classical logic

We will write $\mathrm{LK}_H \vdash F$ if there is a strict proof in $\mathrm{LK}_H$ of $F$.

Note that case (ii) in the above definition ensures that eigenvariables are used strictly in the usual
sense, and additionally enforces the usual variable restriction on the rule for the universal quantifier.

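Example 3. Let $\Sigma$ contain the unary predicate $A$ and a constant symbol $c$. Recall the drinker's term
$D$ (Example 1):

$$D = (\varepsilon[c].\alpha[a].\{1\} + \varepsilon[a].\alpha[b].\{1\}) : \exists x.\forall y(\bar{A}(x) \vee A(y)) \tag{14}$$

$D$ is the conclusion of the derivation below:

$$
\dfrac{
 \dfrac{
  \dfrac{
   \dfrac{
    \dfrac{
     \dfrac{}{\{1\} : \bar{A}(c) \vee A(a),\ \ \{1\} : \bar{A}(a) \vee A(b)}\ 1
    }{\{1\} : \bar{A}(c) \vee A(a),\ \ \alpha[b].\{1\} : \forall y(\bar{A}(a) \vee A(y))}\ \forall R
   }{\{1\} : \bar{A}(c) \vee A(a),\ \ (\varepsilon[a].\alpha[b].\{1\}) : \exists x.\forall y(\bar{A}(x) \vee A(y))}\ \exists R
  }{\alpha[a].\{1\} : \forall y(\bar{A}(c) \vee A(y)),\ \ (\varepsilon[a].\alpha[b].\{1\}) : \exists x.\forall y(\bar{A}(x) \vee A(y))}\ \forall R
 }{(\varepsilon[c].\alpha[a].\{1\}) : \exists x.\forall y(\bar{A}(x) \vee A(y)),\ \ (\varepsilon[a].\alpha[b].\{1\}) : \exists x.\forall y(\bar{A}(x) \vee A(y))}\ \exists R
}{(\varepsilon[c].\alpha[a].\{1\} + \varepsilon[a].\alpha[b].\{1\}) : \exists x.\forall y(\bar{A}(x) \vee A(y))}\ C_\exists
$$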

The following example illustrates the cut rule and the contraction rule on QFFs: 
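Example 4.

$$
\dfrac{
 \dfrac{
  \dfrac{
   \dfrac{}{\{1\} : P,\ \{1\} : \bar{P},\ \{1\} : P}\ 1
   \qquad
   \dfrac{}{\{2\} : P,\ \{2\} : \bar{P},\ \{2\} : \bar{P}}\ 2
  }{\{1\} : \bar{P},\ \{2\} : \bar{P},\ \{1\} : P,\ \{2\} : P,\ \{1\} \bowtie \{2\} : P \bowtie \bar{P}}\ \mathrm{Cut}
 }{\{1\} : \bar{P},\ \{2\} : \bar{P},\ \{1,2\} : P,\ \{1\} \bowtie \{2\} : P \bowtie \bar{P}}\ C_P
}{\{1,2\} : P,\ \{1,2\} : \bar{P},\ \{1\} \bowtie \{2\} : P \bowtie \bar{P}}\ C_P
$$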

4.4 Annotated sequents 

We can view the conclusion of a strict proof as a normal sequent annotated with some information about
the rules used in the proof. Clearly, not every typed forest can arise from annotating a sequent proof.
For example, there cannot be two occurrences of the prefix $\alpha[a]$ in such a conclusion. We characterize in
the current subsection the typed forests having "the right shape" to arise from a proof: our equivalent
of a proof-structure/preproofnet. We will call these typed forests annotated sequents. Then, in Section
7, we will give a correctness criterion singling out among these annotated sequents the Herbrand nets:
those annotated sequents which do indeed arise from a sequent proof.

We will refer to the subtrees of a forest as its "nodes" using standard proof-net terminology. We will
refer to nodes by the outermost term-constructor used to form them: so a subterm of the form:

• $S$ is a propositional node;

• $\alpha[a].t$ is an $\alpha$-node;

• $\varepsilon[M].t$ is an $\varepsilon$-node;

• $(w_1 + \dots + w_n)$ is an expansion node.

We begin by giving a notion of type to typed forests; for this, the standard set-with-multiplicities 
definition of multiset suffices: 

Definition 15. The type of a typed forest is the multiset consisting of the types of its non-cut roots. 

A typed forest will be "of the right shape" if it can be determined that, if it did come from an $\mathrm{LK}_H$
proof, that proof was strict; that is, we need a notion of strictness for typed forests. The essence of
strictness in forests is that $\alpha$ behaves as a non-local binder. The first condition is obvious: each $\alpha$ should
have a unique eigenvariable, just as it does in a strict proof.

It is a little harder to capture the other aspects of strictness: we begin by defining the $\alpha$-bound
and $\alpha$-free variables of a typed term/forest, a concept distinct from the bound/free variables of its
conclusion:

Definition 16. Let $t : A$ be a typed term. We define two sets of variables $\mathrm{bound}_\alpha(t : A)$ (the variables
$\alpha$-bound in $t : A$) and $\mathrm{free}_\alpha(t : A)$ (the $\alpha$-free variables of $t : A$) as follows:

(a) The variable $a$ is a member of $\mathrm{bound}_\alpha(t : A)$ if and only if $\alpha[a]$ is a subterm of $t$.

(b) The set $\mathrm{free}_\alpha(t : A)$ is defined as follows:

• $\mathrm{free}_\alpha(S : P) = \mathrm{free}(P)$

• $\mathrm{free}_\alpha(\alpha[a].t : \forall x.A) = \mathrm{free}_\alpha(t : A[x := a]) \setminus \{a\}$

• $\mathrm{free}_\alpha(\varepsilon[M].t : [\exists x.B]) = \mathrm{free}_\alpha(t : B[x := M]) \cup \mathrm{free}(M)$

• $\mathrm{free}_\alpha((t_1 + \dots + t_n) : \exists x.B) = \mathrm{free}_\alpha(t_1 : [\exists x.B]) \cup \dots \cup \mathrm{free}_\alpha(t_n : [\exists x.B])$

• $\mathrm{free}_\alpha(t \bowtie s : A \bowtie \bar{A}) = \mathrm{free}_\alpha(t : A) \cup \mathrm{free}_\alpha(s : \bar{A})$

Example 5. For the typed expansion tree

$$t : A = (\varepsilon[b].\alpha[a].(\varepsilon[a].\{1\})) : \exists x.\forall y.\exists z.P(x, y, z, w)$$

$\mathrm{free}_\alpha(t : A) = \{b, w\}$ and $\mathrm{bound}_\alpha(t : A) = \{a\}$.

Finally, consider the annotated sequent

$$(\varepsilon[a].\{1\}) : \exists x.P,\quad \alpha[a].\{1\} : \forall x.P$$

Suppose that this were the conclusion of a strict sequent proof: then it ended with the application of a
$\forall R$ rule with eigenvariable $a$, so the variable $a$ is bound in this typed forest (despite being free in the
term $(\varepsilon[a].\{1\}) : \exists x.P$). With these intuitions in place, we define the $\alpha$-free and $\alpha$-bound variables of a
multiset of typed terms:

Definition 17. Let $F$ be a typed forest. A variable $a$ is $\alpha$-bound in $F$ ($a \in \mathrm{bound}_\alpha(F)$) if it is in
$\mathrm{bound}_\alpha(t : A)$, for some term $(t : A)$ in $F$. The variable $a$ is $\alpha$-free in $F$ ($a \in \mathrm{free}_\alpha(F)$) if it is in
$\mathrm{free}_\alpha(t : A)$, for some term $(t : A)$ in $F$, and not $\alpha$-bound in $F$.

Example 6. In the typed forest

$$F = \alpha[a].\{1\} : \forall x.P,\quad (\varepsilon[a].(\varepsilon[b].\{1\})) : \exists y.\exists z.Q$$

$a \in \mathrm{bound}_\alpha(F)$ and $b \in \mathrm{free}_\alpha(F)$. $a \notin \mathrm{free}_\alpha(F)$: although $a$ is $\alpha$-free in the second typed expansion tree,
it is $\alpha$-bound in the first.

We are now in a place to define strictness for typed forests:

Definition 18 (Strictness). A typed forest is strict if

(a) each $\alpha$ has an eigenvariable, and

(b) for each non-cut root $t : A$ of $F$, $\mathrm{bound}_\alpha(F) \cap \mathrm{free}(A) = \emptyset$.

So far, we have allowed typed forests containing naked witnesses: of course, the witness types are not 
part of first-order logic, and so we are particularly interested in forests without naked witnesses, as they 
will have types consisting of multisets of prenex formulae: 

Definition 19. An annotated sequent is a strict typed forest with no naked witnesses. 

Example 7. The typed forest

$\alpha[a].\{1\} : \forall x.P, \quad \epsilon[a].\{1\} : [\exists x.P]$

is strict, but not an annotated sequent, as the typed term $\epsilon[a].\{1\} : [\exists x.P]$ is neither an expansion tree
nor a cut. Neither of the following is strict:

$\alpha[a].\{1\} : \forall x.P, \quad \alpha[a].\{1\} : \forall x.Q$ (fails condition (a))

$\alpha[a].\{1\} : \forall x.P, \quad \{1\} : Q[x := a]$ (fails condition (b))

On the other hand,

$\alpha[a].\{1\} : \forall x.P, \quad \{1\} \bowtie \{2\} : Q[x := a] \bowtie Q[x := a]$

is strict (and so an annotated sequent), since an $\alpha$-bound variable may appear free in the type of a cut
without violating (b).
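
The following Python sketch is an added example, not code from the paper: it computes the α-bound and α-free variables (Definitions 16 and 17) and checks strictness and the annotated-sequent condition (Definitions 18 and 19) on Examples 5, 6 and 7. The tuple encoding, the concrete atoms chosen for P and Q, and the reading of condition (a) as "no eigenvariable is shared by two α nodes" (following the prose before Definition 16) are assumptions of the example.

```python
# Added example, not the paper's code. Assumed encoding:
#   first-order term: str = variable, tuple ("f", arg, ...) = application
#   formula: ("atom", name, [terms]) | ("forall", x, A) | ("exists", x, A)
#   type:    formula | ("wit", E) for a witness type [E] | ("cut", A) for a cut
#   term:    ("leaf", S) | ("alpha", a, t) | ("eps", M, t) | ("exp", [w, ...]) | ("cut", t, s)
# Substitution assumes bound names never clash with the substituted term.

def fv_term(M):
    if isinstance(M, str):
        return {M}
    return set().union(*(fv_term(arg) for arg in M[1:]))

def subst_term(M, x, N):
    if isinstance(M, str):
        return N if M == x else M
    return (M[0],) + tuple(subst_term(arg, x, N) for arg in M[1:])

def fv(A):
    if A[0] in ("wit", "cut"):
        return fv(A[1])
    if A[0] == "atom":
        return set().union(*(fv_term(m) for m in A[2]))
    return fv(A[2]) - {A[1]}                      # forall / exists

def subst(A, x, N):
    if A[0] == "atom":
        return ("atom", A[1], [subst_term(m, x, N) for m in A[2]])
    if A[1] == x:                                 # x is rebound below this point
        return A
    return (A[0], A[1], subst(A[2], x, N))

def bound_alpha(t):
    """Definition 16(a): eigenvariables of all alpha-subterms, with repetitions."""
    if t[0] == "leaf":
        return []
    if t[0] == "exp":
        return [a for w in t[1] for a in bound_alpha(w)]
    if t[0] == "cut":
        return bound_alpha(t[1]) + bound_alpha(t[2])
    return ([t[1]] if t[0] == "alpha" else []) + bound_alpha(t[2])   # alpha, eps

def free_alpha(t, T):
    """Definition 16(b), one clause per term constructor."""
    if t[0] == "leaf":
        return fv(T)
    if t[0] == "alpha":                           # T = forall x. A
        return free_alpha(t[2], subst(T[2], T[1], t[1])) - {t[1]}
    if t[0] == "eps":                             # T = [exists x. B]
        _, x, B = T[1]
        return free_alpha(t[2], subst(B, x, t[1])) | fv_term(t[1])
    if t[0] == "exp":                             # T = exists x. B
        return set().union(*(free_alpha(w, ("wit", T)) for w in t[1]))
    return free_alpha(t[1], T[1]) | free_alpha(t[2], T[1])           # cut

def forest_bound(F):
    return {a for t, _ in F for a in bound_alpha(t)}

def forest_free(F):
    """Definition 17: alpha-free in some root and alpha-bound nowhere in F."""
    return set().union(*(free_alpha(t, T) for t, T in F)) - forest_bound(F)

def is_strict(F):
    """Definition 18, with (a) read as: no eigenvariable is shared by two alphas."""
    eigen = [a for t, _ in F for a in bound_alpha(t)]
    unique = len(eigen) == len(set(eigen))
    clean = all(not (set(eigen) & fv(T)) for t, T in F if t[0] != "cut")
    return unique and clean

def is_annotated_sequent(F):
    """Definition 19: strict, and no root is a naked witness."""
    return is_strict(F) and all(t[0] != "eps" for t, _ in F)

def atom(name, *args):
    return ("atom", name, list(args))

# Examples 5, 6 and 7, with P = P(x) and Q = Q(x), Q(a), Q(y, z) chosen here.
Px, Qa = atom("P", "x"), atom("Q", "a")
ALPHA_P = (("alpha", "a", ("leaf", {1})), ("forall", "x", Px))
EX5 = (("exp", [("eps", "b", ("alpha", "a", ("exp", [("eps", "a", ("leaf", {1}))])))]),
       ("exists", "x", ("forall", "y", ("exists", "z", atom("P", "x", "y", "z", "w")))))
EX6 = [ALPHA_P,
       (("exp", [("eps", "a", ("exp", [("eps", "b", ("leaf", {1}))]))]),
        ("exists", "y", ("exists", "z", atom("Q", "y", "z"))))]
EX7_WITNESS = [ALPHA_P, (("eps", "a", ("leaf", {1})), ("wit", ("exists", "x", Px)))]
EX7_FAILS_A = [ALPHA_P, (("alpha", "a", ("leaf", {1})), ("forall", "x", atom("Q", "x")))]
EX7_FAILS_B = [ALPHA_P, (("leaf", {1}), Qa)]
EX7_CUT = [ALPHA_P, (("cut", ("leaf", {1}), ("leaf", {2})), ("cut", Qa))]
```
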

Proposition 20. The conclusion of a strict $\mathrm{LK}_H$ derivation is an annotated sequent.

Proof. By induction: the conclusion of a tautology rule is an annotated sequent, and each rule of $\mathrm{LK}_H$
takes annotated sequents to annotated sequents. □

We can represent the forest structure of annotated sequents graphically using the graphical
representation of terms: the following annotated sequent will be our principal example for demonstrating the
cut-elimination theory (see Section 8):

Example 8. [Figure: the example annotated sequent drawn as a forest of term trees; the diagram is not recoverable from the extracted text.]





4.5 Alpha renaming 

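We have mentioned that the $\alpha$ should be thought of as a non-local binder; so, in fact, should the indices
used to annotate the conclusions of the tautology rule. As such, we will need to be able to rename
eigenvariables and indices. We will use the notation $[a \leftarrow b]$ to denote the renaming of an $\alpha$-bound
variable, and $[i \leftarrow j]$ for the renaming of an index $i$.

Definition 21. (a) Let $i$ and $j$ be indices. The operation $[i \leftarrow j]$ (tautology renaming) is defined as
follows:

$$\begin{aligned}
S[i \leftarrow j] &= \begin{cases} S & i \notin S \\ (S \setminus \{i\}) \cup \{j\} & i \in S \end{cases} \\
(\alpha[d].t)[i \leftarrow j] &= \alpha[d].(t[i \leftarrow j]) \\
(\epsilon[M].t)[i \leftarrow j] &= \epsilon[M].(t[i \leftarrow j]) \\
(t_1 + \dots + t_n)[i \leftarrow j] &= (t_1[i \leftarrow j], \dots, t_n[i \leftarrow j]) \\
(t \bowtie s)[i \leftarrow j] &= (t[i \leftarrow j] \bowtie s[i \leftarrow j])
\end{aligned}$$

(b) Let $a$ and $b$ be members of $V$. The operation $[a \leftarrow b]$ (variable renaming) is defined as follows:

$$\begin{aligned}
S[a \leftarrow b] &= S \\
(\alpha[a].t)[a \leftarrow b] &= \alpha[b].(t[a \leftarrow b]) \\
(\alpha[d].t)[a \leftarrow b] &= \alpha[d].(t[a \leftarrow b]) \qquad d \neq a \\
(\epsilon[M].t)[a \leftarrow b] &= \epsilon[M[a := b]].(t[a \leftarrow b]) \\
(t_1 + \dots + t_n)[a \leftarrow b] &= (t_1[a \leftarrow b], \dots, t_n[a \leftarrow b]) \\
(t \bowtie s)[a \leftarrow b] &= (t[a \leftarrow b] \bowtie s[a \leftarrow b])
\end{aligned}$$
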
Renaming respects typing in the following sense:

Proposition 22. If $t : T$ is well-typed then $t[a \leftarrow b] : T[a := b]$ and $t[i \leftarrow j] : T$.

Proof. By induction on the typing derivation for $t : A$. □

We use the shorthand $(t : T)[a \leftarrow b]$ for $t[a \leftarrow b] : T[a := b]$. We define the renaming of a variable in
an annotated sequent pointwise on its roots:

Definition 23. Let $F = t_1 : T_1, \dots, t_n : T_n$ be a typed forest. Define

$$F[a \leftarrow b] := (t_1 : T_1)[a := b], \dots, (t_n : T_n)[a := b]$$

and

$$F[i \leftarrow j] := (t_1 : T_1)[i := j], \dots, (t_n : T_n)[i := j].$$

In the process of eliminating admissible structural rules, we must rename many eigenvariables and 
indices present in a subproof. We give now some notation for such a compound renaming: 



Definition 24. Let $V = v_1, \dots, v_n$ and $x_1, \dots, x_n$ be two sequences of variable symbols. Then define

$t[v_1 \leftarrow x_1] \dots [v_n \leftarrow x_n]$

Definition 25. Let $V = i_1, \dots, i_n$ and $j_1, \dots, j_n$ be two sequences of indices. Then define

$t[i_1 \leftarrow j_1] \dots [i_n \leftarrow j_n]$


4.6 Substitution 

Suppose that $F$ is a typed forest containing a cut $\alpha[a].t \bowtie (\epsilon[M].s)$. The intuitive explanation of this
term is a pending communication: at some point $\epsilon[M]$ should communicate its witnessing term, $M$, to
$\alpha[a]$. This is what happens, on the level of annotations, during a single step of cut-reduction. To carry
out this operation, we must substitute a first-order term $M$ for an $\alpha$-free variable $a$ in an annotated
sequent. We define that operation now.

Definition 26. We define an operation $[a := M]$ (substitute $M$ for $a$) on typed forests $F$ such that
$a \notin \mathrm{bound}_\alpha(F)$.

On witnessing terms, of the form $\epsilon[M].t$, the substitution applies inside the instantiating first-order
term $M$ and in the remaining subterm $t$:

$(\epsilon[N].t)[a := M] = \epsilon[N[a := M]].(t[a := M])$

Substitution is pushed past all the other term constructors, as follows:

$$\begin{aligned}
S[a := M] &= S \\
(\alpha[d].t)[a := M] &= \alpha[d].(t[a := M]) \\
(t_1 + \dots + t_n)[a := M] &= (t_1[a := M] + \dots + t_n[a := M]) \\
(t \bowtie s)[a := M] &= t[a := M] \bowtie s[a := M]
\end{aligned}$$

Finally, $F[a := M]$ is defined as the pointwise substitution of $M$ for $a$ in each term of $F$.

By induction on the structure of typing derivations, we obtain:

Proposition 27. If $t$ can be assigned type $A$, then $t[a := M]$ can be assigned type $A[a := M]$.

Having defined substitution, we can formally define the operation of communicating a witness across
a cut, which will be one of our cut-reduction operations on Herbrand nets:

Definition 28. Let

$G = F,\ \alpha[a].t \bowtie (\epsilon[M].s) : \forall x.A \bowtie \exists x.A$

be an annotated sequent. The Comm reduct of $G$ is

$F[a := M],\ (t \bowtie s)[a := M] : A[x := M] \bowtie A[x := M]$



5 Cut-free completeness of $\mathrm{LK}_H$

Consider the "forgetful projection" of $\mathrm{LK}_H$, where we simply delete the term annotations. This yields a
standard sequent system which is a subsystem of the calculus given in Figure [T]. Thus, to prove cut-free
completeness of $\mathrm{LK}_H$, we need only show the rules weakening and (general) contraction admissible. By
cut-free completeness of $\mathrm{LK}_H$, we mean the following:

Theorem 29. Fix a signature $\Sigma$, containing at least one constant symbol. For every closed prenex
formula $A$ over that signature, valid in classical predicate logic, there is an expansion tree $t$, such that
$\mathrm{LK}_H \vdash t : A$.

Remark 4. The requirement that our signature contains a constant is related to the usual assumption 
in classical predicate logic that domains are non-empty: without it, weakening is not admissible below 
the midsequent. 

The following demonstration of invertibility will be essential: it is precisely the invertibility of the 
universal rule which allows admissibility of contraction: 

Lemma 30. The rule

$$\frac{F,\ t : A[x := a]}{F,\ \alpha[a].t : \forall x.A}$$

is invertible - that is, $\mathrm{LK}_H \vdash F, \alpha[a].t : \forall x.A$ if and only if $\mathrm{LK}_H \vdash F, t : A[x := a]$.

Proof. By induction on proof height. Since its type contains instances of quantifiers, $F, \alpha[a].t : \forall x.A$
cannot be a conclusion of the tautology rule. Suppose that the inversion holds for all proofs of height $< n$,
and let $\Phi$ be a proof of height $n$ of $F, \alpha[a].t : \forall x.A$. We proceed by a case analysis on the last rule $\rho$ of $\Phi$.
If $\Phi$ has the form

$$\dfrac{\begin{array}{c} \vdots\ \Phi' \\ F',\ \alpha[a].t : \forall x.A \end{array}}{F,\ \alpha[a].t : \forall x.A}\ \rho$$

then we may apply the induction hypothesis to $\Phi'$, which has height $< n$, to obtain a proof of $F', t : A[x := a]$,
to which we may then apply $\rho$.

Otherwise, $\alpha[a].t : \forall x.A$ is the principal formula of $\rho$, and $\Phi$ has the form

$$\dfrac{\begin{array}{c} \vdots\ \Phi' \\ F,\ t : A[x := a] \end{array}}{F,\ \alpha[a].t : \forall x.A}\ \forall$$

and then $\Phi'$ is the desired proof. □

We show now that weakening and contraction are admissible in $\mathrm{LK}_H$. We explain briefly what this
means in the presence of annotations: let $\rho$ be an instance of an ordinary sequent rule with premise F
and conclusion F'. Then the rule-instance is admissible in $\mathrm{LK}_H$ if, given a proof whose conclusion F has
type F, there exists a proof of an annotated sequent G with type A. In fact, for both weakening and
contraction admissibility we prove stronger results, in the sense that there is a close relation between the
annotations in premise and conclusion of the admissible rule.

To prove weakening admissible, we must ensure that the formula introduced by weakening does not
contain any free occurrences of eigenvariables; otherwise we will violate strictness. This does not, of
course, impact completeness, since we may always rename bound variables before weakening.

Lemma 31. If $\mathrm{LK}_H \vdash F$, and $\mathrm{free}(A) \cap \mathrm{bound}_\alpha(F) = \emptyset$, then there is an expansion tree $t_A$ such that

$\mathrm{LK}_H \vdash F, t_A : A$.

Proof. By induction on the structure of $A$, and on the length of a proof $\Phi$ of $F$. First suppose that $A$ is
a quantifier-free formula $P$. If $\Phi$ is an instance of the tautology rule labelled with $i$, then $F, \{i\} : P$ is also
an instance of the conclusion of the tautology rule. By induction on the length of a proof of $F$ we may
now show that if $\mathrm{LK}_H \vdash F$, then $\mathrm{LK}_H \vdash F, \{i\} : P$ where $i$ is the index of a tautology in the derivation
of $F$.

We now show weakening admissible for general $A$, by induction on the rank of $A$. For an induction
hypothesis, suppose that all formulae of rank $< \mathrm{rk}(A)$ admit weakening. Now suppose that $A = \forall x.B$.
By the induction hypothesis, whenever we have a proof of $F$, we have a proof of $F, t_B : B[x := z]$, for $z$ a
fresh variable, i.e. not appearing in $\mathrm{free}_\alpha(F)$ or $\mathrm{bound}_\alpha(F)$. Apply $\forall R$ to obtain a proof of $F, \alpha[z].t_B : A$.

Finally, suppose $A = \exists x.B$. Let $*$ be a constant in $\Sigma$. Then if we have a proof of $F$, we have a proof
of $F, t_B : B[x := *]$, from which we derive a proof of $F, (\epsilon[*].t_B) : A$ by an application of $\exists R$. □

To define the contraction of two expansion trees $t : A$ and $s : A$, we must find a "merge" $M(t, s)$ of
the two expansion trees, and a sequence of variable renamings to be made in the context.

Proposition 32 (Admissible contraction). Given any annotated sequent $F, t : A, s : A$, there is an
expansion tree $M(t, s) : A$ and two sequences $(x_i)$, $(y_i)$ of variables such that

F, t: A, s : A 



Tl::hF), M{t,s):A 



is admissible in LKh; that is, LKh \~ F, t : A, s : A implies LKh \~ r, \ (_F), M(i, s) ; A 

Proof. We proceed by induction on the rank of the formula $A$. Suppose first that the rank of $A$ is zero.
Then $A$ is a QFF $P$, and the result trivially holds by an application of Cp, with empty sequences of
variables.

Suppose now that the lemma holds for all $B$ of rank $n - 1$, and let $A$ have rank $n$. If $A = \exists x.B$, then we
have contraction on $A$ by the rule Cg: $M(t, s) = t + s$ and again the two sequences of variables are empty.
The interesting case is where $A = \forall x.B$. Suppose we have a proof of $\vdash F, \alpha[a].t : \forall x.A, \alpha[b].s : \forall y.A$.
Apply the invertibility of $\forall$ twice to obtain a proof of

$F,\ t : A[x := a],\ s : A[x := b]$.

If $e$ is a fresh free variable, let $t' = t[a \leftarrow e].[b \leftarrow e]$ and $s' = s[a \leftarrow e].[b \leftarrow e]$. Making renaming
substitution $[a \leftarrow e]$, $[b \leftarrow e]$ inside the proof we obtain a proof of

$F[a \leftarrow e][b \leftarrow e],\ t' : A[x := e],\ s' : A[x := e]$.

Now apply the induction hypothesis to obtain a term $M(t', s') : A[x := e]$ and sequences $(x_i)$, $(y_i)$
such that
LKh I- r{F[a ^ e].[b ^ e]), M(t', s') : yl[a; — e]. 
An application of $\forall$ yields a proof of

r(F[a ^ e].[6 ^ e]), a[e].M(i', s') : Va;.A. 

as required, with $M(t, s) = \alpha[e].M(t', s')$ and sequences $(a, b, x_i)$, $(e, e, y_i)$. □

This completes the proof of completeness for $\mathrm{LK}_H$. We can view the cut-free completeness of this
calculus as an alternative strong statement of Herbrand's theorem, since each cut-free $\mathrm{LK}_H$-proof gives
rise to an Herbrand proof:

Proposition 33. Let $A$ be a formula in prenex normal form over a signature $\Sigma$ containing at least one
constant symbol. There is an expansion tree $t$ such that $\mathrm{LK}_H \vdash t : A$, if and only if $A$ has an Herbrand
proof.

Proof. One direction is just cut-free completeness: if there is an Herbrand proof of $A$, then $A$ is provable,
and so there is an expansion tree $t$ such that $\mathrm{LK}_H \vdash t : A$. For the other direction, we must extract, from
a derivation of $t : A$ in $\mathrm{LK}_H$, an Herbrand proof of $A$.

Let $\Phi$ be a strict proof of $t : A$ in $\mathrm{LK}_H$. Associate to each instance of $\exists R$ in $\Phi$ a distinct variable not
occurring in $t : A$, and decorate the corresponding witness with that variable - that is, we replace each
occurrence of the $\exists R$ rule with the rule:

$$\frac{F,\ t : A[x := M_u]}{F,\ (\epsilon_u[M_u].t) : \exists x.A}\ \exists R_u$$

with a different $u$ for each occurrence.

Given a typed expansion tree $s : B$, labelled as above, we extract an expansion $\mathrm{Deep}(s : B)$ of $B$ as
follows:

$$\begin{aligned}
\mathrm{Deep}(S : P) &= P \\
\mathrm{Deep}(\alpha[a].t : \forall x.A) &= \forall a.\mathrm{Deep}(t : A[x := a]) \\
\mathrm{Deep}((w_1 + \dots + w_n) : \exists x.A) &= \mathrm{Deep}(w_1 : [\exists x.A]) \vee \dots \vee \mathrm{Deep}(w_n : [\exists x.A]) \\
\mathrm{Deep}(\epsilon_u[M_u].t : [\exists x.A]) &= \exists u.(\mathrm{Deep}(t : A[x := M_u]))
\end{aligned}$$

Let $V$ be the set of bound variables in $\mathrm{Deep}(t : A)$. Each member of $V$ is either a label of an instance
of $\exists R$ in $\Phi$ or the eigenvariable of an instance of $\forall R$ in $\Phi$. Since $\Phi$ does not branch (it has no cuts), it
imposes a linear order $x_1, x_2, \dots, x_n$ on $V$. Let $A^*$ be the matrix of $\mathrm{Deep}(t : A)$: then $Q_1 x_1 \dots Q_n x_n A^*$ is a
prenexification of $\mathrm{Deep}(t : A)$. Let $\sigma_\Phi$ be the sequence of first-order terms (eigenvariables and witnessing
terms) induced by this ordering; then $\sigma_\Phi$ is a witnessing substitution for $Q_1 x_1 \dots Q_n x_n A^*$. Thus $A$ has
an Herbrand proof. □

6 Herbrand nets 

The definition of annotated sequent is such that every conclusion of a strict $\mathrm{LK}_H$ proof is an annotated
sequent; the converse is not true. For example, an annotated sequent can contain cuts of the form
$\alpha[a].t \bowtie \epsilon[M(a)].s$. To formulate a criterion excluding such terms, we treat annotated sequents as
proof structures (known elsewhere as pre-proofnets), in the sense of Girard [ID]. The sequent calculus
cut is, in form, a linear logic tensor; the standard techniques of multiplicative proof-net correctness
provide precisely the tools to decide whether such a tensor can be the last rule of a sequent derivation.
We will define a correctness criterion singling out, among the annotated sequents, those arising as the
conclusion of an $\mathrm{LK}_H$ derivation, and we will call these annotated sequents Herbrand nets. Finally, we
develop sequentialization: any annotated sequent $F$ which is the endsequent of a derivation contains itself
enough information to reconstruct a derivation $\mathrm{LK}_H \vdash F$ (although, of course, we might reconstruct a
different derivation to the one we originally used to derive $F$).

6.1 Prelude: expansion-tree proofs

We begin by giving necessary and sufficient conditions for a cut-free annotated sequent to be the
conclusion of a proof. First, let $t : A$ be an annotated sequent: that is to say, $t$ is an expansion tree and
$\mathrm{bound}_\alpha(t) \cap \mathrm{free}(A) = \emptyset$. Given a proof $\pi$ of $t : A$, we have a linear ordering of the $\alpha$ and $\epsilon$ nodes in
$t$; this ordering is compatible with a notion of dependency on those nodes, where a subterm
depends on its predecessor, and a subterm $\epsilon[M].t$ depends on the subterm $\alpha[a].s$ if the variable $a$
appears free in $M$. This natural notion of dependency provides a simple condition for deciding whether a
given $t : A$ is provable in $\mathrm{LK}_H$; this condition is a special case of the condition given by Miller for his
expansion-tree-proofs:

Proposition 34. Let $t : A$ be an annotated sequent. Then $t : A$ is provable in $\mathrm{LK}_H$ if and only if

(a) the transitive closure $\triangleleft$ of the above-defined dependency relation is irreflexive, and

(b) $\mathrm{Deep}(t : A)$, as defined in the proof of Proposition 33, is a tautology.

The proof of this proposition is easy; a sequent proof of $t : A$ is (essentially) a linear order on the
non-propositional nodes of $t$ extending $\triangleleft$, which exists if and only if $\triangleleft$ is irreflexive.

It is not hard to generalize this condition to one necessary and sufficient for any cut-free annotated
sequent, by generalizing Deep to work on sequents instead of just typed expansion trees. The irreflexivity
of dependency on nodes is not enough, however, when we introduce cuts (we cannot, by this route,
exclude cuts of the form $\alpha[a].t \bowtie \epsilon[M(a)].s$). For this reason, we turn to the techniques of proof-net
correctness.

6.2 Typed forests as proof structures 

We have mentioned, already, that we consider proof nets to be forests with a linking structure. The 
forest structure of an annotated sequent has already been discussed at length, and we move now onto the 
linking structure. This will consist of the dependency discussed above, plus a linking which generalizes 
the usual axiom links of proof nets. The usual sequent calculus axioms are replaced in $\mathrm{LK}_H$ by tautology
rules. Similarly, the usual axiom links of proof nets, linking two dual formulae, are replaced in Herbrand 
nets by something more general: the information contained at the leaves of a typed forest plays the role 
of generalized axiom links. This generalization is two-fold: each "tautology link" (each index appearing 
in a set at some leaf) may have an arbitrary (finite) number of conclusions, and (because of contraction) 
each leaf may be connected to several such links. For the purposes of correctness, these links play a dual 
role. Later we will see that they play a part in the switching criterion (which ensures that the structure 
of substitution and cuts can be sequentialized). In addition, the links are necessary to check whether
the propositional information in a structure is correct: if the disjunction of the formulae arising from a 
tautology index is really a tautology: 

Definition 35. Let $F$ be a typed forest, and let $i$ be a tautology index appearing in $F$. The formula $F_i$
is defined as follows:

$F_i = \bigvee \{A \mid S : A \text{ is a propositional node in } F,\ i \in S\}$

Definition 36 (Herbrand Structure). Let $F$ be an annotated sequent over a theory $(\Sigma, T)$. $F$ is an
Herbrand structure if, for each tautology $i$ in $F$, we have $T \models F_i$.

The tree structure of a typed forest $F$ defines a natural directed graph structure, with vertices given
by the nodes of $F$ and edges directed from child to parent. The linking structure on a typed forest is
given using jumps [ID] - extra directed edges in the graph. For each tautology index in $F$, we add a
vertex, and we add jumps (directed edges) from a tautology index to the leaves where it appears. If the
variable $x$ appears free in a first-order term $M$, we will make a jump from each $\epsilon[M]$ to the alpha node
binding $x$. This jump indicates that, in a sequent proof of $F$, the existential rule introducing the $\epsilon[M]$
must occur before the universal rule introducing the $\alpha[a]$. Less obviously, we also need jumps from cuts:
if the variable $a$ is free in the type of a cut, then that cut must occur above the rule binding $a$. We will
call this graph with jumps the dependency graph of the forest.

Definition 37. Let $F$ be a semistructure. The dependency graph $\mathrm{Dep}(F)$ of $F$ is a labelled directed
graph whose vertices are:

(a) The instances of subterms of $F$, plus

(b) one node for each tautology index $i$ in $F$, labelled with the index.

The edges of $\mathrm{Dep}(F)$ are the edges of $F$ considered as a directed graph, plus the jumps:

• An edge from $\epsilon[M] : B$ to $\alpha[a]$ whenever $a \in \mathrm{free}(M)$;

• An edge from $t \bowtie s : A \bowtie A$ to $\alpha[a]$ whenever $a \in \mathrm{free}(A)$;

• An edge from the vertex $i$ to each leaf $S$ of $F$ with $i \in S$.

We use red curved arrows to represent jumps in the dependency graph, and red labels for the tautology 
vertices; the black, straight arrows and black vertices continue to represent the underlying forest. 

Example 9. The dependency graph of the annotated drinker's term D is [figure not recoverable from the extracted text];
the dependence of $\epsilon[b]$ on $\alpha[b]$ is indicated by the upwards-pointing grey arrow.

Example 10. The dependency graph of the annotated sequent derived in example is [figure not recoverable from the extracted text]


Definition 38. Let F be a typed forest. The dependency relation on F is defined to be the relation 
t>= (— > Uri)*, restricted to the nodes of F. 

6.3 Correctness 

We will use a variation on the well-established Danos-Regnier ACC (acyclic-connected) correctness
criterion [5], since it is well-known and easily stated. The criterion as given is exponential (we can decide
in exponential time if a given Herbrand structure is a net), but it is known that correctness for this kind
of proof-net is actually NL-complete [6]. Of course, checking that a given annotated sequent $F$ is an
Herbrand structure is coNP, since we must check that each $F_i$ is a tautology.

The crucial notions in ACC correctness are the switching and the switching graph, which in our 
setting are defined (for semistructures) as follows: 

Definition 39. Let $F$ be a typed forest.

(a) The switched nodes of $F$ are the subterms of the form $\alpha[a].t'$, $(t_1 + \dots + t_n)$, or $S$. All other nodes
of $F$ are unswitched.

(b) A switching $\sigma$ of $F$ is a choice of, for each switched link $t$ of $F$, exactly one incoming edge for $t$ in
$\mathrm{Dep}(F)$.

(c) The switching graph $F_\sigma$ of a switching $\sigma$ is the undirected graph derived from $\mathrm{Dep}(F)$ by deleting,
for each switched node $t$, all edges coming into $t$ except that chosen by the switching, and then
forgetting directedness of edges.

Definition 40. A typed forest $F$ is ACC-correct (or just ACC), if for each switching $\sigma$, $F_\sigma$ is connected
and acyclic. A net is an annotated sequent (i.e. with no naked witnesses) which is ACC.

An Herbrand net is a structure satisfying both kinds of correctness: the correctness of the tautology 
links and the switching correctness: 

Definition 41. An annotated sequent $F$ is an Herbrand net if it is an Herbrand structure and a net.

Proposition 42. (a) If $F = F', \alpha[a].t : \forall x.A$ is ACC then $G = F', t : A[x := a]$ is ACC.

(b) $F = F', (w_1 + \dots + w_n) : \exists x.A$ is ACC iff $G = F', w_1 : [\exists x.A], \dots, w_n : [\exists x.A]$ is ACC.

(c) $F = F', S : P$ is ACC iff $F'$ is ACC.

Proof. An easy application of the definition of correctness; passing from $F$ to $G$ removes, in each case, a
switched node which is a root in $F$. This cannot affect either connectedness or cyclicity of the switching
graph. □

Proposition 43. The conclusion of any $\mathrm{LK}_H$ proof is an Herbrand net.

Proof. By induction on the tree-structure of an $\mathrm{LK}_H$ proof. □

We now justify our claim that Herbrand nets generalize the first-order expansion-tree proofs of [19] by
showing that, in the absence of cuts, we may replace our switching notion of correctness by irreflexivity
of $\triangleright$. First, we see that correctness guarantees that $\triangleright$ is a strict partial order among the alpha and
epsilon nodes:

Proposition 44. Let $F$ be an Herbrand net. Then its dependency relation $\triangleright$ is irreflexive (i.e. the
dependency graph is acyclic.)

Proof. If the dependency graph of $F$ has a cycle, then it has an elementary cycle $C = t_0, t_1, \dots, t_n, t_{n+1} = t_0$,
in which each vertex is only visited once. Choose a switching $\sigma$ of $F$ in which we choose for each
switched node $t_{i+1}$ on that elementary cycle the vertex $t_i$ as its switching. Then the cycle also appears
in $F_\sigma$, and so $F$ is not ACC. □
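
An added Python example (not from the paper) of the correctness check defined above: it builds Dep(F) as in Definition 37, enumerates the switchings of Definition 39 and tests every switching graph for being connected and acyclic (Definition 40). The tuple encoding and the first four sample forests are constructed for the example; the last sample is the final annotated sequent of Example 7. It shows that a cut of the form α[a].t ⋈ ε[M(a)].s has an acyclic dependency graph and still fails ACC.

```python
from itertools import count, product

# Added example, not the paper's code. Assumed tuple encoding of forest nodes:
#   ("leaf", S)        propositional node, S a set of tautology indices
#   ("alpha", a, t)    alpha[a].t          ("exp", [w, ...])  expansion node
#   ("eps", M, t)      eps[M].t; M is a str (variable) or ("f", arg, ...)
#   ("cut", fv, t, s)  cut of t and s; fv = free variables of the cut's type
SWITCHED = {"alpha", "exp", "leaf"}                  # Definition 39(a)

def free_vars(M):
    if isinstance(M, str):
        return {M}
    return set().union(*(free_vars(arg) for arg in M[1:]))

def dep_graph(forest):
    """Dep(F) of Definition 37 as (vertex -> kind, set of directed edges)."""
    kind, edges, binder, jumps, fresh = {}, set(), {}, [], count()

    def visit(t, parent):
        v = next(fresh)
        kind[v] = t[0]
        if parent is not None:
            edges.add((v, parent))                   # forest edge, child -> parent
        if t[0] == "leaf":
            for i in t[1]:
                kind[("taut", i)] = "taut"           # one vertex per tautology index
                edges.add((("taut", i), v))
        elif t[0] == "alpha":
            binder[t[1]] = v
            visit(t[2], v)
        elif t[0] == "eps":
            jumps.append((v, free_vars(t[1])))
            visit(t[2], v)
        elif t[0] == "exp":
            for w in t[1]:
                visit(w, v)
        else:                                        # cut
            jumps.append((v, set(t[1])))
            visit(t[2], v)
            visit(t[3], v)

    for root in forest:
        visit(root, None)
    for v, variables in jumps:                       # jumps need every binder known
        edges.update((v, binder[a]) for a in variables if a in binder)
    return kind, edges

def switching_graphs(kind, edges):
    """Edge lists of all switching graphs (Definition 39(b) and (c))."""
    incoming = {}
    for u, v in edges:
        incoming.setdefault(v, []).append((u, v))
    kept = [e for v, es in incoming.items() if kind[v] not in SWITCHED for e in es]
    choices = [es for v, es in incoming.items() if kind[v] in SWITCHED]
    for pick in product(*choices):
        yield kept + list(pick)

def is_tree(vertices, edges):
    """Connected and acyclic as an undirected graph, checked with union-find."""
    root = {v: v for v in vertices}
    def find(v):
        while root[v] != v:
            v = root[v]
        return v
    for u, v in edges:
        ru, rv = find(u), find(v)
        if ru == rv:
            return False                             # this edge closes a cycle
        root[ru] = rv
    return len({find(v) for v in vertices}) == 1

def is_acc(forest):
    """Definition 40: every switching graph is connected and acyclic."""
    kind, edges = dep_graph(forest)
    return all(is_tree(kind, es) for es in switching_graphs(kind, edges))

def dependency_is_irreflexive(forest):
    """True when Dep(F) has no directed cycle (the property in Proposition 44)."""
    kind, edges = dep_graph(forest)
    alive = set(kind)
    while alive:
        sinks = {v for v in alive
                 if not any(src == v and dst in alive for src, dst in edges)}
        if not sinks:
            return False          # every remaining vertex has a successor: a cycle
        alive -= sinks
    return True

# Constructed samples (CUT_TYPE_JUMP is the last sequent of Example 7).
LEAF1, LEAF2 = ("leaf", {1}), ("leaf", {2})
DRINKER_LIKE = [("exp", [("eps", ("c",), ("alpha", "a", LEAF1)),
                         ("eps", "a", ("alpha", "b", LEAF1))])]
CIRCULAR = [("exp", [("eps", "b", ("alpha", "a", LEAF1))]),
            ("exp", [("eps", "a", ("alpha", "b", LEAF1))])]
CUT_OK = [("cut", set(), ("alpha", "a", LEAF1), ("exp", [("eps", ("c",), LEAF2)]))]
CUT_BAD = [("cut", set(), ("alpha", "a", LEAF1), ("exp", [("eps", ("f", "a"), LEAF2)]))]
CUT_TYPE_JUMP = [("alpha", "a", LEAF1), ("cut", {"a"}, LEAF1, LEAF2)]
```
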

In the cut-free case we derive the converse: 

Proposition 45. Let $F$ be a cut-free Herbrand structure. $F$ is an Herbrand net if and only if it contains
a single tautology index and its dependency relation $\triangleleft$ is irreflexive.

Proof. $F$ is an Herbrand net if and only if each switching graph is acyclic and connected. Assume that $F$ is
an Herbrand net: by the previous lemma we know that it has an irreflexive dependency relation. Suppose
$F$ contains two or more tautology nodes and no cuts; then each switching graph of $F$ is disconnected,
and $F$ is not ACC.

We now show the converse. Suppose first that $F$ has a switching $\sigma$ for which $F_\sigma$ has a cycle. Because
$F$ contains no cuts, each node in $F_\sigma$ has at most one path to a propositional node in $F_\sigma$, and thus this
cycle cannot pass through any propositional or tautology node. It follows that the cycle in $F_\sigma$, restricted
to logical nodes, gives a cycle in the dependency graph of $F$, and thus a reflexive node for $\triangleleft$.

Finally, suppose that each switching graph of F is acyclic, but F is not an Herbrand net. Then, for 
each switching, each non-propositional, nontautology node has a unique path to a propositional node in 
F. This switching graph will be connected unless there are at least two tautology nodes in F. □

Figure 5: Three subnets of the drinker's term

6.4 Subnets of Herbrand Nets

To show that the Herbrand nets are precisely the proof structures arising from $\mathrm{LK}_H$ proofs, we will
adapt the notion of subnets of a proof net [T]; this will also be important in defining cut-reduction on
Herbrand nets.

Definition 46 (Substructure). Let $F$ be an ACC forest. A substructure of $F$ is a subset $G$ of the nodes
of $F$ closed under dependency: that is, if $s \in G$ and $t \triangleright s$ then $t \in G$.

Since a substructure G of an ACC forest F is always closed under subterms, it defines a typed forest. 
The following is therefore well-defined. 

Definition 47 (Subnet). Let G be a substructure of the ACC forest F. G is a subnet of F if it is ACC. 

Notice that we do not require that a subnet of an Herbrand net is an Herbrand net: we do not even 
require that it is a net. Figure 5 shows three subnets of the drinker's term, none of which are nets. As
another example, consider the following immediate consequence of the definition of subnet:

Proposition 48. Let F be an ACC forest, and S a leaf of F. Then the subset {S} of the nodes of F is 
a subnet of F. 

There is a strong connection between subnets of an Herbrand net and subproofs of its sequentializa- 
tions, but developing this is beyond the scope of the current paper: we will treat the notion of subnet as 
a tool to define sequentialization and cut-elimination. 

Apart from the oddity that a subnet of an Herbrand net is not necessarily an Herbrand net, the
standard properties of subnets follow much as for $\mathrm{MLL}^-$ nets. We state these properties here: the more
technical proofs are summarized in the appendices.

Proposition 49. Let $G_1$ and $G_2$ be subnets of an ACC forest.

(a) $G_1 \cap G_2$ is a subnet of $F$ if and only if it is nonempty.

(b) If $G_1 \cap G_2$ is nonempty, then $G_1 \cup G_2$ is a subnet.

Proof. (a) Suppose $G = G_1 \cap G_2$ to be nonempty but not a subnet of $F$. It is clearly a substructure,
so to fail to be a subnet there must be a switching $\sigma$ for which $G_\sigma$ is disconnected. But then either
$G_{1\sigma}$ or $G_{2\sigma}$ must be disconnected.

(b) Now suppose that $G_1 \cap G_2$ is nonempty, but that $G = G_1 \cup G_2$ is not a subnet of $F$. Again, there
must be a switching $\sigma$ for which $G_\sigma$ is disconnected. But since $G = G_1 \cap G_2$ is nonempty, there is
a node $t$ in $G_\sigma$ present in both $G_{1\sigma}$ and $G_{2\sigma}$, and thus connected to each node of $G_\sigma$.

□

Definition 50. Let $F$ be an ACC forest, and let $t$ be a node in $F$. The empire of $t$ in $F$ is the largest
subnet of $F$ having $t$ as a root. The kingdom of $t$ in $F$ is the smallest subnet having $t$ as a root.

The kingdom of a node, if it exists, has a particular structure:

Proposition 51. Let $t$ be a node of an ACC forest $F$, and let $G, t : A$ be its kingdom. Then the roots of
$G$ are either witnesses or cuts.

Proof. By Proposition 42, if $s : B$, a root of $G$, has any other form, we can find a smaller subnet with $t$
as a root. □

By Proposition 49, if the set of subnets having a node $t$ as a root is nonempty, $t$ has an empire and
a kingdom.

Proposition 52. Let F be an ACC forest. For each node t in F, there is a subnet having t as a root. 

Proof. A variation on the proof in 1 of the same result for MLL, which we relegate to the appendix ( 
see Section!^. D 

Corollary 53. Every node in F has a kingdom and an empire. 

The following relation will be the key to our sequentialization and cut-elimination results. 

Definition 54. Let $F$ be an ACC forest. We define a relation $\ll$ on the nodes of $F$ as follows: $t \ll s$ if
$t \in k(s)$.

If $t$ is a node of an Herbrand net $F$, we can think of the nodes $s$ such that $s \ll t$ as the inference
steps that must happen before we may "do" the step at the root of $t$. As one might hope, this relation
is an order extending $\triangleleft$:

Proposition 55. The relation $\ll$ is a partial order on the terms of an ACC forest.

Proof. See Section A. □

6.5 Sequentialization 

We now seek to establish that every Herbrand net arises as the conclusion of an $\mathrm{LK}_H$ derivation. The
proof that this is the case will be an induction using the following measures:

Definition 56. Let $F$ be an Herbrand net.

(a) The size $s(F)$ of $F$ is the number of $\alpha$, $\epsilon$ and $\bowtie$ nodes in $F$.

(b) The width $w(t)$ of an expansion node $t = (w_1 + \dots + w_n)$ in $F$ is $n$. The width $w(s)$ of a propositional
node $s = S$ in $F$ is the cardinality of $S$.

The $w$-rank $w(F)$ of an Herbrand net $F$ is $\sum_t (w(t) - 1)$, where $t$ ranges over all expansion nodes and
propositional nodes of $F$.

We show that all nets may be sequentialized by induction on $s(F) + w(F)$. Our base case is where
$s(F) = 0$ (in which case $w(F)$ is also 0):

Proposition 57. If $F$ is an Herbrand net of size 0 (i.e. it contains no $\alpha$, $\epsilon$ or $\bowtie$ nodes) it is the
conclusion of the tautology rule of $\mathrm{LK}_H$.

Proof. Since $F$ contains no $\bowtie$ nodes, and is a net, it can contain only one tautology index $i$. So $F$ has
the form $\{1\} : P_1, \dots, \{1\} : P_n$, with $\bigvee P_i$ a tautology (since $F$ is an Herbrand structure). □

In case of non-zero measure, we look for a rule of $\mathrm{LK}_H$ whose conclusion is $F$ and whose premisses
are also Herbrand nets. This can be seen as a guided form of proof-search. In some cases (corresponding
to invertible sequent rules) this is easy:

Proposition 58. Let $F$ be an Herbrand net.

(a) If $F = F', \alpha[a].t : \forall x.A$, then $G = F', t : A[x := a]$ is also an Herbrand net.

(b) If $F = F', s_1 + s_2 : \exists x.A$, then $G = F', s_1 : \exists x.A, s_2 : \exists x.A$ is also an Herbrand net.

(c) If $F = F', S_1 \cup S_2 : P$ then $G = F', S_1 : P, S_2 : P$ is also an Herbrand net.

Proof. In each case, it is easy to verify that $F$ satisfies the conditions for being an Herbrand net if and
only if $G$ does. □

These three "inversions" produce a net $G$ of lower measure than $F$. It is less obvious when to apply the
non-invertible rules of $\mathrm{LK}_H$: the existential rule and the cut-rule. For example, in the annotated sequent

$(\epsilon[c].\alpha[a].\{1\}) : \exists x.\forall y.A(y), \quad (\epsilon[a].\{1\}) : \exists z.A(z)$

we cannot instantiate the rightmost existential until both other quantifier rules have been instantiated.
For cuts the situation is even more complicated. In an annotated sequent of the form

$F,\ \alpha[a].t_1 \bowtie t_2 : A \bowtie A,\ \epsilon[a].t_3 \bowtie \alpha[b].\epsilon[a].t_4 : B \bowtie B$

the right-hand cut cannot be decomposed before the left-hand cut, as the eigenvariable $a$ is used in both
sides of that cut. Even where we do know which cut to decompose, we must find the correct splitting of
the context.

What this means is that some roots of an Herbrand net can be decomposed, yielding one or two
smaller Herbrand nets, others cannot. We will call the roots of a structure which admit immediate
decomposition its gates:

Definition 59. Let F be an Herbrand net, and let t : A be a root of F. The t is a gate of F if and only 
if there is a rule instance of LKh , with F as conclusion, with t : A as the active succedent, and with 
premisses that are also Herbrand nets. 

The main work of the rest of this section will be to show that each Herbrand net has a gate. We will 
use the notions of kingdom, empire, and the relation <C defined in the previous section. 

Proposition 60. Let F be an Herbrand net.

(a) Every root of F of the form $\alpha[a].t$, $\{w_1, \ldots, w_n\}$ or a non-singleton set $S$ is a gate.

(b) A root $t$ of the form $s_1 \bowtie s_2$ is a gate if and only if it is $\ll$-maximal.

(c) A root $t : T$ of the form $(\epsilon[M].s) : \exists x.A$ is a gate if and only if $\epsilon[M] : (\exists x.A)$ is $\ll$-maximal in
$F, \epsilon[M] : (\exists x.A)$.

We can immediately see that (a) holds, by Proposition 58. Before proving parts (b) and (c), let us
observe that this characterization of gates is enough to show that every net of nonzero size has a gate:

Proposition 61. Let F be an Herbrand net. Either F is the conclusion of the tautology rule, or it has
a gate.

Proof. If F has size zero and width zero, F is a conclusion of the tautology rule. Now assume that F
has nontrivial size/width; by Lemma [Ml $\ll$ is a partial order on the nodes of F, so F has at least one
$\ll$-maximal node $t$: this node is also, by definition, $<$-minimal, and so $t$ (with appropriate type) is a
root of F. If $t$ is a gate, we are done. Suppose that $t$ is not a gate: then it is of the form $\{i\}$ or $(\epsilon[M].t)$.
Suppose the former: since $F = G, \{i\} : P$ has nonzero size, so does G, and G is a net: thus G has a gate
$t : A$. This is also a gate of F, since $t \notin k(\{i\})$.

Finally, suppose that all $\ll$-maximal nodes of F are of the form $(\epsilon[M_i].s_i)$, for $1 \le i \le n$; so

$$F = G,\ (\epsilon[M_1].s_1) : \exists x_1.A_1,\ \ldots,\ (\epsilon[M_n].s_n) : \exists x_n.A_n$$

The typed ACC forest

$$F' = G,\ \epsilon[M_1].s_1 : (\exists x_1.A_1),\ \ldots,\ \epsilon[M_n].s_n : (\exists x_n.A_n)$$

has an $\ll$-maximal node, and it must be $\epsilon[M_j].s_j : (\exists x_j.A_j)$, for some $j$. This node is also $\ll$-maximal
in

$$G,\ (\epsilon[M_1].s_1) : \exists x_1.A_1,\ \ldots,\ \epsilon[M_j].s_j : (\exists x_j.A_j),\ \ldots,\ (\epsilon[M_n].s_n) : \exists x_n.A_n,$$

(where we have placed a + below all the naked witnesses but $\epsilon[M_j].s_j$) and so $(\epsilon[M_j].s_j) : \exists x_j.A_j$ is a
gate of F. □

Theorem 62 (Sequentialization). An annotated sequent F is an Herbrand net if and only if it is the
endsequent of an $\mathrm{LK}_H$ proof $\pi$. We call $\pi$ a sequentialization of F.

Proof. By induction on $s(F) + w(F)$. If this measure is zero, F is the conclusion of the tautology
rule. Otherwise, F has a gate, and there is a sequent rule which decomposes F into smaller Herbrand
nets, each of which can be sequentialized by the induction hypothesis. □

The following cases of Proposition 60 remain to be proved:

Lemma 63 (Splitting $\bowtie$). Let $F = F', t \bowtie s : A \bowtie A$ be an ACC forest; then $t \bowtie s$ is $\ll$-maximal in F iff
there is a partition $F' = F_1, F_2$ such that $F_1, t : A$ and $F_2, s : A$ are ACC. If, further, F is an Herbrand
net, then $F_1, t : A$ and $F_2, s : A$ are Herbrand nets.

Proof. This is a variation on the standard "splitting tensor" theorem for MLL proof nets: see Section
13 for the proof. □

Lemma 64. Let $F = G, (\epsilon[M].t) : \exists x.A$ be ACC (resp. an Herbrand net). Then $F' = G, t : A[x := M]$ is
also ACC (resp. an Herbrand net) if and only if $\epsilon[M].t : (\exists x.A)$ is $\ll$-maximal in $F'' = G, \epsilon[M].t : (\exists x.A)$.

Proof. Suppose F is ACC, and F' is also ACC, and suppose for a contradiction that $(\epsilon[M].t)$ is a member
of $k(X)$ for some other node X of F. But then the kingdom of X in F' is also a subnet of F, smaller
than $k(X)$, contradicting minimality of the kingdom.

Suppose now that $F'' = G, \epsilon[M].t : (\exists x.A)$ is ACC with $\ll$-maximal node $\epsilon[M].t : (\exists x.A)$.
We show that F' is ACC. Since F' is a subgraph of F'', all its switching graphs are acyclic: we must
show that they are also connected. Observe that $\mathrm{free}(M) \subseteq \mathrm{free}_\alpha(F)$. For otherwise, there is a variable
$a$ with $a \in \mathrm{free}(M)$, $a \notin \mathrm{free}_\alpha(F)$; then there is a node of F of the form $\alpha[a].s$, and $(\epsilon[M].t) \in k(\alpha[a].s)$,
contradicting the fact that $(\epsilon[M].t)$ is a gate. Thus the node $\epsilon[M].t$ is connected to each switching graph
only by its unique successor in the forest structure of F'', and so removing it cannot disconnect any
switching graph.

Finally, notice that F is an Herbrand structure if and only if F' is an Herbrand structure, since F
and F' have the same leaves. □

7 Cut-elimination 

The sequentialization theorem immediately gives us a way to access a very weak cut-elimination theorem
for Herbrand nets. Given an Herbrand net F with type $\Gamma$, it is the endsequent of some proof in $\mathrm{LK}_H$.
Since we have shown that cut-free $\mathrm{LK}_H$ is complete, there is a cut-free proof of an annotation of $\Gamma$; that
proof gives rise to an Herbrand net F' which is $\bowtie$-free and has the same type as F.

In this section we will show a system of reductions ("Minimal reduction") such that any Herbrand net
may be transformed into a cut-free Herbrand net using these reductions. The reductions are inspired by
reductions in the sequent calculus, so we begin with a discussion of how one might prove cut-elimination
in $\mathrm{LK}_H$.

7.1 The basic cut-reduction steps 

Cut-reduction in classical logic, done stepwise, typically consists of three kinds of operation, applied to 
subproofs of the proof being normalized: 

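(a) Rank-reducing steps, performed on logical cuts, where both cut-formulae are the principal formula
in the proof-tree above the cut, and where the rules introducing the cut-formulae are logical; for
example:

$$
\dfrac{\dfrac{\begin{array}{c}\pi_1\\ \vdash \Gamma_1, A[x:=a]\end{array}}{\vdash \Gamma_1, \forall x.A}\ \forall R \qquad \dfrac{\begin{array}{c}\pi_2\\ \vdash \Gamma_2, A[x:=M]\end{array}}{\vdash \Gamma_2, \exists x.A}\ \exists R}{\vdash \Gamma_1, \Gamma_2}\ \mathrm{Cut}
\quad\longrightarrow\quad
\dfrac{\begin{array}{c}\pi_1[x:=M]\\ \vdash \Gamma_1, A[x:=M]\end{array} \qquad \begin{array}{c}\pi_2\\ \vdash \Gamma_2, A[x:=M]\end{array}}{\vdash \Gamma_1, \Gamma_2}\ \mathrm{Cut}
\tag{65}
$$

(b) Structural steps, where one of the cut formulae is the principal formula in the proof-tree above the
cut, and the rule introducing it is a structural rule; for example, contraction:

$$
\dfrac{\begin{array}{c}\pi_1\\ \vdash \Gamma_1, A\end{array} \qquad \dfrac{\begin{array}{c}\pi_2\\ \vdash \Gamma_2, A, A\end{array}}{\vdash \Gamma_2, A}\ C}{\vdash \Gamma_1, \Gamma_2}\ \mathrm{Cut}
\quad\longrightarrow\quad
\dfrac{\dfrac{\begin{array}{c}\pi_1\\ \vdash \Gamma_1, A\end{array} \qquad \dfrac{\begin{array}{c}\pi_1\\ \vdash \Gamma_1, A\end{array} \qquad \begin{array}{c}\pi_2\\ \vdash \Gamma_2, A, A\end{array}}{\vdash \Gamma_1, \Gamma_2, A}\ \mathrm{Cut}}{\vdash \Gamma_1, \Gamma_1, \Gamma_2}\ \mathrm{Cut}}{\vdash \Gamma_1, \Gamma_2}\ C
\tag{66}
$$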

(c) Operations to manipulate the proof tree (rule permutations), in order to place a cut in one of the 
two forms above. 

To discover the basic cut-reduction operations of Herbrand nets, we can examine the action these
cut-reduction steps have on the annotated conclusions of $\mathrm{LK}_H$ proofs.

For (c), the rule permutations, this question is easy to answer: one great advantage of working with
(box-free) proof nets is that we no longer need the third item on this list, and indeed it is easy to show
that two $\mathrm{LK}_H$ proofs differing by a permutation of rules have the same annotated sequent as a conclusion.

Let us consider now the logical cut in $\mathrm{LK}_H$; the annotated redex is:

$$
\dfrac{\dfrac{F_1, t : A[x:=a]}{F_1, \alpha[a].t : \forall x.A}\ \forall R \qquad \dfrac{F_2, s : A[x:=M]}{F_2, (\epsilon[M].s) : \exists x.A}\ \exists R}{F_1, F_2, \alpha[a].t \bowtie (\epsilon[M].s) : \forall x.A \bowtie \exists x.A}\ \mathrm{Cut}
$$

and the annotated reduct, where the term M has been "communicated" across the cut:

$$
\dfrac{F_1[a:=M], t[a:=M] : A[x:=M] \qquad F_2, s : A[x:=M]}{F_1[a:=M], F_2, t[a:=M] \bowtie s : A[x:=M] \bowtie A[x:=M]}\ \mathrm{Cut}
$$

Since permutations of a sequent proof in $\mathrm{LK}_H$ leave the annotated conclusion unchanged, we obtain
the following result:

Lemma 67. If

$$\mathrm{LK}_H \vdash F,\ \alpha[a].t \bowtie (\epsilon[M].s) : \forall x.A \bowtie \exists x.A,$$

then

$$\mathrm{LK}_H \vdash F[a := M],\ t[a := M] \bowtie s : (A \bowtie A)[x := M]$$

That is, the reduct of a logical cut does not depend on the sequential structure of the proof containing
it.



The redex of a cut against contraction has the form

$$
\dfrac{\begin{array}{c}\Phi\\ F, \alpha[a].t : \forall x.A\end{array} \qquad \dfrac{\begin{array}{c}\vdots\\ F', s_1 : \exists x.A, s_2 : \exists x.A\end{array}}{F', s_1 + s_2 : \exists x.A}\ C}{F, F', \alpha[a].t \bowtie s_1 + s_2 : \forall x.A \bowtie \exists x.A}\ \mathrm{Cut}
\tag{68}
$$

In order to write down the reduct, maintaining strictness, we must rename all $\alpha$-bound variables
occurring in the duplicated copies of $\Phi$. If $\mathrm{free}_\alpha(F', \alpha[a].t : \forall x.A) = x, y, \ldots, z$, then let $V_0 = x_0, y_0, \ldots, z_0$,
and $V_1 = x_1, y_1, \ldots, z_1$. If $I$ is the set of tautology indices in $\Phi$, define $I_0$ and $I_1$ similarly. Recalling the
renaming functions of Definitions 24 and 25, let $\tau_i(t)$ = ''"^(t/. (t)). The reduct of (68) is

$$
\dfrac{\dfrac{\begin{array}{c}\Phi_1\\ \tau_1(F), \alpha[a_1].\tau_1(t) : \forall x.A\end{array} \qquad \dfrac{\begin{array}{c}\Phi_0\\ \tau_0(F), \alpha[a_0].\tau_0(t) : \forall x.A\end{array} \qquad \begin{array}{c}\vdots\\ F', s_0 : \exists x.A, s_1 : \exists x.A\end{array}}{\tau_0(F), F', \alpha[a_0].\tau_0(t) \bowtie s_0 : \forall x.A \bowtie \exists x.A, s_1 : \exists x.A}\ \mathrm{Cut}}{\tau_0(F), \tau_1(F), F', \alpha[a_0].\tau_0(t) \bowtie s_0 : \forall x.A \bowtie \exists x.A, \alpha[a_1].\tau_1(t) \bowtie s_1 : \forall x.A \bowtie \exists x.A}\ \mathrm{Cut}}{M(\tau_0(F), \tau_1(F)), F', \alpha[a_0].\tau_0(t) \bowtie s_0 : \forall x.A \bowtie \exists x.A, \alpha[a_1].\tau_1(t) \bowtie s_1 : \forall x.A \bowtie \exists x.A}\ C^*
$$

where here $C^*$ denotes many applications of admissible contraction (and $M$ is extended to annotated
sequents in an appropriate fashion).

This "reduction" is highly problematic in Gentzen's sequent calculus, as it is not possible to construct
a measure which decreases on its application - not possible, since reduction using this rule diverges. The
problem is fixed by Gentzen by moving to a more general calculus with multicut, for which a rather
complicated measure calculated by following cut-formulae up the sequent-tree can be calculated. Using
multicuts amounts to imposing a strategy on the application of the above reduction, for which a measure
is given by looking upwards into the sequent proof to see how many times a cut formula is duplicated by
a contraction. (In $\mathrm{LK}_H$, this is precisely the information contained in the width of a term $s$ annotating
a contracted formula $\exists x.A$, so giving a direct cut-elimination result for $\mathrm{LK}_H$ is easier).

Unlike the communication reduction above, it is not immediately clear how to apply this "duplication"
reduction to an Herbrand net without an accompanying derivation. The results of the previous section
give us a way to proceed if the cut to be reduced is a gate: in that case, we can write the net as
$F_1, F_2, \alpha[a].t \bowtie s_1 + s_2 : \forall x.A \bowtie \exists x.A$ where $F_1, \alpha[a].t : \forall x.A$ and $F_2, s_1 + s_2 : \exists x.A$ are also Herbrand
nets. It is then easy to see that

$$G' = \tau_0(F_1), \tau_1(F_1), F_2,\ \alpha[a_0].\tau_0(t) \bowtie s_1 : \forall x.A \bowtie \exists x.A,\ \alpha[a_1].\tau_1(t) \bowtie s_2 : \forall x.A \bowtie \exists x.A \tag{69}$$

is also an Herbrand net. For each term in $F_1$, we have created two copies, with the same type. For each
member $u$ of $F_1$ which is an expansion tree (i.e. not a cut), we can apply admissible contraction to
$\tau_0(u), \tau_1(u)$, obtaining a single term of the same type as $u$. Thus we may recover a net of the same type
as G by applications of admissible contraction, as in the sequent calculus.

The annotated conclusion of the derivation resulting from applying the $\mathrm{LK}_H$ reduction is dependent
on the derivation, and not just its annotated conclusion; unlike the communication reduction, this
reduction does not commute with rule permutations. For any Herbrand net

$$G = F,\ \alpha[a].t \bowtie_X s_1 + s_2 : \forall x.A \bowtie \exists x.A$$

there are many different sequentializations, and so many different possible results of reducing the cut
labelled X. Consider, for example, the following proof, and the cut labelled X within it.

$$
\dfrac{\dfrac{\begin{array}{c}\pi_1\\ F, \alpha[a].t : \forall x.A, \alpha[b].t' : \forall x.B\end{array} \qquad \dfrac{\begin{array}{c}\pi_2\\ F', s_1 : \exists x.A, s_2 : \exists x.A\end{array}}{F', s_1 + s_2 : \exists x.A}\ C}{F, F', \alpha[b].t' : \forall x.B, \alpha[a].t \bowtie_X s_1 + s_2 : \forall x.A \bowtie_X \exists x.A}\ \mathrm{Cut}_X \qquad \begin{array}{c}\pi_3\\ F'', s' : \exists x.B\end{array}}{F, F', F'', \alpha[a].t \bowtie_X s_1 + s_2 : \forall x.A \bowtie_X \exists x.A, \alpha[b].t' \bowtie s' : \forall x.B \bowtie \exists x.B}\ \mathrm{Cut}
\tag{70}
$$

If we apply one reduction step to the cut labelled X, the subproof $\pi_1$ will be duplicated, but not the
subproof $\pi_3$. If, however, we perform a permutation of the instances of Cut, we obtain a derivation with
the same annotated conclusion, but different cut-reduction behaviour:

$$
\dfrac{\dfrac{\begin{array}{c}\pi_1\\ F, \alpha[a].t : \forall x.A, \alpha[b].t' : \forall x.B\end{array} \qquad \begin{array}{c}\pi_3\\ F'', s' : \exists x.B\end{array}}{F, F'', \alpha[a].t : \forall x.A, \alpha[b].t' \bowtie s' : \forall x.B \bowtie \exists x.B}\ \mathrm{Cut} \qquad \dfrac{\begin{array}{c}\pi_2\\ F', s_1 : \exists x.A, s_2 : \exists x.A\end{array}}{F', s_1 + s_2 : \exists x.A}\ C}{F, F', F'', \alpha[a].t \bowtie_X s_1 + s_2 : \forall x.A \bowtie_X \exists x.A, \alpha[b].t' \bowtie s' : \forall x.B \bowtie \exists x.B}\ \mathrm{Cut}_X
\tag{71}
$$

Here the reduction of cut X will cause the duplication of both $\pi_1$ and $\pi_3$.

In the following section we will see how to find a canonical such reduction, derived from the kingdom
of the cut.

7.2 Substitution and reduction triples 

We saw in the previous section how to reduce a cut in an Herbrand net, in the special case where the
cut is a gate of the net. This corresponds to the case, in the sequent calculus, of a cut which is the last
inference in a derivation. In the sequent calculus, this is easily extended to the general case by reducing
the cut within a sub-proof. In Herbrand nets this is a harder notion to define: we do so in this section
by means of an auxiliary notion: a substitution triple.

We begin by attempting to define the duplication reduction on an arbitrary ACC forest; that is, a
forest

$$G = F,\ \alpha[a].t \bowtie s_1 + s_2 : \forall x.A \bowtie \exists x.A$$

where F possibly contains naked witnesses. Suppose that the cut to be reduced is $\ll$-maximal in G;
then $G = F_1, F_2, \alpha[a].t \bowtie s_1 + s_2 : \forall x.A \bowtie \exists x.A$, with $F_1, \alpha[a].t : \forall x.A$ and $F_2, s_1 + s_2 : \exists x.A$ also ACC.
As before, we set

$$G' = \tau_0(F_1), \tau_1(F_1), F_2,\ \alpha[a_0].\tau_0(t) \bowtie s_1 : \forall x.A \bowtie \exists x.A,\ \alpha[a_1].\tau_1(t) \bowtie s_2 : \forall x.A \bowtie \exists x.A \tag{72}$$

Where possible, we now try to make the type of G' the same as the type of G: form a new ACC forest G''
by applying admissible contraction to $\tau_0(u), \tau_1(u)$ in G' wherever $u$ is an expansion tree. Unlike before,
G' also contains naked witnesses to which admissible contraction cannot be applied.

Let $f_{\mathrm{root}}$ be the function from the roots of G to the roots of G'', which is the identity on $F_2$, maps
all roots of expansion trees resulting from admissible contraction to their corresponding roots in $F_1$, and
maps $\tau_i(t : T)$ to $t : T$ where $t$ is a cut or naked witness in $F_1$.

Now suppose that G was a subnet of some Herbrand net H. How can we define a reduct for H, given
G''? We seek a net H' with the same conclusion as H, in which the subnet G has been "replaced" by
G''; that is, G is deleted, and then G'' is "wired in" in its place.

$f_{\mathrm{root}}$ satisfies the following properties:

• $f_{\mathrm{root}}$ is surjective;

• $f_{\mathrm{root}}$ is injective on expansion trees;

• $f_{\mathrm{root}}$ is type-preserving.

This function allows us to see which roots of G'' should be wired where in H'; that is, which node
of $H \setminus G$ should be the predecessor of a given root of G'' in H'.

Having replaced G by G'' in H, there will be a mismatch between the tautology indices appearing in
H'; there will be indices in G which were duplicated, but which also occur in $H \setminus G$. Similarly to $f_{\mathrm{root}}$,
we can define a function $f_{\mathrm{taut}}$ mapping tautology indices appearing in G'' to tautology indices appearing
in G; it maps all tautology indices appearing in $F_2$ to themselves, and the two copies of a copied index
back to the original. It is clear that

$$G''_i \leftrightarrow G_{f_{\mathrm{taut}}(i)}$$

where, we recall, $F_i = \bigvee \{A \mid S : A \text{ is a leaf in } F,\ i \in S\}$. This then allows us to conclude that, when
replacing G by G'' in H, we do not violate the Herbrand-structure condition if we replace every leaf $S$
of $H \setminus G$ by $\bigcup_{i \in S} f_{\mathrm{taut}}^{-1}(i)$. This concludes our informal description of how to replace G by G'' in H.

The forest G'', plus the functions $f_{\mathrm{root}}$ and $f_{\mathrm{taut}}$ form the first example of what we will call a
substitution triple:

Definition 73. Let F be an ACC forest. A substitution triple for F is a triple $(F', f_{\mathrm{root}}, f_{\mathrm{taut}})$ such
that

• F' is an ACC forest.

• $f_{\mathrm{root}}$ is a function from the roots of F' to the roots of F which

(a) preserves types on non-cut roots

(b) is surjective

(c) is injective when restricted to the roots of expansion trees of F'

• $f_{\mathrm{taut}}$ is a function from the tautology indices of F' to the tautology indices of F such that

The intended meaning of a substitution triple $(G', f_{\mathrm{root}}, f_{\mathrm{taut}})$ for G is that whenever G is a subnet
of an ACC forest F, we may "substitute" G' for G in F. This has been explained above in terms of
"wiring"; we now make this notion formal, for the particularly easy case where every non-cut root of G is
a naked witness: in this case the substitution triple gives a surjective function from the roots of G' to the
roots of G, which specifies to which expansion-node of $F \setminus G$ the non-cut roots of G' should be connected.
This is the content of the following definition and subsequent lemma: if we have a substitution triple for
a subnet of an ACC forest F, it can be extended to a substitution triple for F:

Definition 74. Given a subnet G of an ACC forest F, all of whose non-cut roots are witnesses, and a
substitution triple $(G', g_{\mathrm{root}}, g_{\mathrm{taut}})$ for G, we construct a triple $(F[G'/G], f_{\mathrm{root}}, f_{\mathrm{taut}})$ (which, we prove in
the following lemma, is a substitution triple for F).

The function $f_{\mathrm{taut}}$ is defined as follows: $f_{\mathrm{taut}}(i) = g_{\mathrm{taut}}(i)$ if $i$ is in the domain of $g_{\mathrm{taut}}$, and $f_{\mathrm{taut}}(i) = i$
otherwise.

We now define $F[G'/G]$, and the function $f_{\mathrm{root}}$. Any roots of F that are also roots of G are either
naked witnesses or cuts: let $w$ be such a root: then the members of $g_{\mathrm{root}}^{-1}(w)$ are roots of $F[G'/G]$; if
$z \in g_{\mathrm{root}}^{-1}(w)$ then $f_{\mathrm{root}}(z) = w$.

If $t$ is a root of F but not a root of G, it may still contain witnesses which are roots of G, which
we replace by their pre-images under $f_{\mathrm{root}}$. In addition, it will contain tautology indices which must be
replaced by their images under $f_{\mathrm{taut}}$. More formally, if $t$ is a root in F but not a root of G, construct a
new term $R(t)$ as follows:

$$
\begin{aligned}
R(S) &= \bigcup_{i \in S} f_{\mathrm{taut}}^{-1}(i)\\
R(s \bowtie t) &= R(s) \bowtie R(t)\\
R(\alpha[a].t) &= \alpha[a].R(t)\\
R(w_1 + \cdots + w_n) &= R(w_1) + \cdots + R(w_n)\\
R(\epsilon[M].t) &= \begin{cases}\epsilon[M].R(t) & \epsilon[M].t \notin G\\ \sum g_{\mathrm{root}}^{-1}(\epsilon[M].t) & \epsilon[M].t \in G\end{cases}
\end{aligned}
$$

$R(t)$ is a root of $F[G'/G]$ and $g_{\mathrm{root}}(R(t)) = t$.

It remains to show that this defines a substitution triple:

Proposition 75. The triple $(F[G'/G], f_{\mathrm{root}}, f_{\mathrm{taut}})$ is a substitution triple for F.



By construction, the functions $f_{\mathrm{root}}$ and $f_{\mathrm{taut}}$ have the required properties. The only nontrivial
observation is that $F[G'/G]$ is an ACC forest. To see this, consider informally how we constructed
$F[G'/G]$. Essentially, we do three things:

(a) delete all the nodes of G from F,

(b) wire every witness $w$ in G' to the + which was the parent of $g_{\mathrm{root}}(w)$, and

(c) replace every leaf of the resulting structure with the union of the inverse images of its members
under $f_{\mathrm{taut}}$.

Using this intuition, we prove the claim. Suppose that there was a switching $\sigma$ of $F[G'/G]$ such that the
switching graph of $F[G'/G]$ contained a cycle $p$. We will "project" that cycle onto F.

The cycle $p$ must intersect the nodes of G', else it would also be a cycle in F. Let $p'$ be a maximal
subpath of $p$ not intersecting with the nodes of G', and let X and Y be its endpoints. Let X' and Y' be
the nodes in G' to which the subpath $p'$ may be extended in $p$. X' is either a witness, and the root of
G', or a tautology index in G'. The same holds for Y'. Via either $f_{\mathrm{taut}}$ or $f_{\mathrm{root}}$, there are corresponding
nodes X'' and Y'' in G, and since G is a subnet, for any switching $\sigma'$ there is a path from X'' to Y'' in
the switching graph of F. We already know that there is a path $p'$ from X to Y in F. By choosing a
switching such that X jumps to X'' and Y jumps to Y'', we find a cycle in the switching graph of F. □

The substitution triples we are interested in arise from the basic cut-reduction operations of communication
and duplication, closed under subnets and composition: we will call these triples reduction-triples.

Definition 76. A reduction triple for an ACC forest F has one of the following forms:

(a) If $F = F_1, F_2, \alpha[a].t \bowtie s : \forall x.A \bowtie \exists x.A$, and $F_1, \alpha[a].t : \forall x.A$, $F_2, s : \exists x.A$ are also ACC forests,
then

i (Communication) if $s = \epsilon[M].s'$, then

$$(F_1[a := M], F_2,\ t[a := M] \bowtie s' : A[x := M] \bowtie A[x := M],\ f_{\mathrm{root}}, f_{\mathrm{taut}})$$

is a reduction triple, where $f_{\mathrm{root}}$ and $f_{\mathrm{taut}}$ are the evident bijections between the roots/indices.

ii (Duplication) if $s = s_0 + s_1$, and all roots of $F_1$, $F_2$ are either cuts or naked witnesses, then
$(F', f_{\mathrm{root}}, f_{\mathrm{taut}})$ is a reduction triple, where

$$F' = \tau_0(F_1), \tau_1(F_1), F_2,\ \tau_0(t) \bowtie s_0 : \forall x.A \bowtie \exists x.A,\ \tau_1(t) \bowtie s_1 : \forall x.A \bowtie \exists x.A$$

where $f_{\mathrm{root}}$ is the identity on roots/indices coming from $F_2$, maps $\tau_i(t)$ to $t$, and maps the two
new cuts to the cut reduced: similarly $f_{\mathrm{taut}}$.

(b) (composition) If $(F', f_{\mathrm{root}}, f_{\mathrm{taut}})$ is a reduction triple for F, and $(F'', f'_{\mathrm{root}}, f'_{\mathrm{taut}})$ is a reduction
triple for F', then $(F'', f_{\mathrm{root}} \circ f'_{\mathrm{root}}, f_{\mathrm{taut}} \circ f'_{\mathrm{taut}})$ is a reduction triple for F.

(c) (reduction in a subnet) If K is a subnet of F, with all roots of K being cuts or naked witnesses, and
$(K', g_{\mathrm{root}}, g_{\mathrm{taut}})$ is a reduction triple for K, then $(F[K'/K], f_{\mathrm{root}}, f_{\mathrm{taut}})$ is a reduction triple for F.

As an example of the above, we will now look at the reduction of a structural cut in an Herbrand net
which is not $\ll$-maximal. Recall that, in the sequent calculus this reduction is sensitive to permutations
of inference steps; we would like to define a reduction directly on the Herbrand net. To do this, we can
look at a subnet in which it is $\ll$-maximal. Such a net always exists: we can take the kingdom of the
cut. The following is an immediate consequence of Proposition 55.

Proposition 77. A node $t$ in an ACC forest F is $\ll$-maximal in $k(t)$.

Since in $k(X)$ the cut X is $\ll$-maximal, and since all the roots of $k(X)$ are either naked witnesses or cuts,
we can apply the duplication reduction inspired by the sequent calculus, to obtain, not just a reduct K'
of $k(X)$, but also the functions $f_{\mathrm{root}}$ and $f_{\mathrm{taut}}$: a reduction triple for $k(X)$. In addition, the noncut-roots
of $k(X)$ are all witnesses (Proposition I5ip and so we may apply the construction in Definition 74, giving
a reduction triple for the ACC forest F. Since this is a rather important operation on Herbrand nets,
we will take the trouble to define it directly:

Definition 78 (The duplication reduction Dup). Let $G = F, \alpha[x].t \bowtie (s_1 + s_2) : A \bowtie A$ be an Herbrand
net. Let X be the unique node labeled with $\alpha[x]$ in G, and let $k(X)$ be its kingdom in G. Let $V$ be the
variables bound in $\alpha$ binders in $k(X)$, and $I$ be the tautology nodes in $k(X)$. Let the functions $\tau_0$ and $\tau_1$
be renaming functions as before for the sets $V$ and $I$. We define the minimal duplication reduct of the

$$
\begin{aligned}
D_x(i) &= \{\tau_0(i), \tau_1(i)\}; \qquad D_x(S) = \bigcup_{i \in S} D_x(i)\\
D_x(t \bowtie s) &= \begin{cases}D_x(t) \bowtie D_x(s) & t \bowtie s \notin k(x)\\ \tau_0(t \bowtie s),\ \tau_1(t \bowtie s) & t \bowtie s \in k(x)\end{cases}\\
D_x(\alpha[a].t) &= \alpha[a].D_x(t)\\
D_x(t_1 + \cdots + t_n) &= (D_x(t_1)) + \cdots + (D_x(t_n))\\
D_x(\epsilon[M].t) &= \begin{cases}\epsilon[M].D_x(t) & \epsilon[M] \notin k(x)\\ \tau_0(\epsilon[M].t) + \tau_1(\epsilon[M].t) & \epsilon[M] \in k(x)\end{cases}
\end{aligned}
$$

(where by "$t$ is in $k(x)$" we mean "the node labelled with $t$ is in $k(x)$").
Define $D_x(F)$ pointwise on the roots of F. Then F Dup-reduces to

$$D_x(F),\ \alpha[x_0].\tau_0(t) \bowtie s_0,\ \alpha[x_1].\tau_1(t) \bowtie s_1$$

7.3 The principal lemma for partial cut-elimination 

In this section we state and prove the following reduction lemma:

Lemma 79. Let $F = G, t \bowtie s : A \bowtie A$ be an ACC forest, where all cuts appearing in G are of rank 0.
Then F has a reduction triple $(F', f_{\mathrm{root}}, f_{\mathrm{taut}})$ such that F' contains no cuts of nonzero rank.

This is a generalization of the following, which says that we can remove a single cut of non-zero rank
from a net:

Corollary 80. Let $F = G, t \bowtie s : A \bowtie A$ be an Herbrand net, and let G contain only cuts of rank 0.
There is an Herbrand net F', with the same type as F, containing only cuts of rank 0.

Proof. Consider the reduction triple $(F', f_{\mathrm{root}}, f_{\mathrm{taut}})$ provided for F by the principal lemma. The function
$f_{\mathrm{root}}$ is surjective, and injective on expansion trees. Since all the non-cut terms of F are expansion trees,
there is a 1-1 correspondence between non-cut terms of F and non-cut terms of F'. Since $f_{\mathrm{root}}$ preserves
types, F' is a net and F and F' have the same type. Finally, if $i$ is a quantifier index in F', $F'_i \leftrightarrow F_{f_{\mathrm{taut}}(i)}$,
and $F_{f_{\mathrm{taut}}(i)}$ is a tautology (since F is an Herbrand net). So F' is also an Herbrand net. □

The proof of the reduction lemma is strikingly close to Gentzen's original demonstration of cut- 
elimination for the classical sequent calculus, with two adjustments. These adjustments both arise from 
the lack of tree structure in a proof. First, we can no longer speak of the "topmost" cut in a proof; 
instead, we eliminate cuts which are potentially topmost; maximal cuts with respect to the order $\ll$.
Second, we cannot use any notion of height as an induction measure: instead we use a more natural 
measure of the complexity of a cut: the number of witnesses taking place in it (its "width"). 

Proof. (Of the reduction lemma) Our proof proceeds by an induction over three measures, ordered
lexicographically: the first is the size of the ACC forest, meaning the number of nodes it has. The second
is the rank of the cut appearing in the ACC forest. The final measure is the "width" of the cut: if the
cut-term decorating the cut is $\alpha[a] \bowtie s$, then the width of the cut is the width of $s$ - otherwise the width
of the cut is 0.

Our base case is where all cuts are of rank 0; there is no work to be done, and we can set $F' = F$
and both functions $f_{\mathrm{root}}$ and $f_{\mathrm{taut}}$ to be the identity.

Suppose now that there is a nonzero cut of rank $n$, but that F is not equal to the kingdom of that
cut. Then we can find a smaller ACC forest K containing the cut: the kingdom of the cut. By the
induction hypothesis, we obtain a nonzero-cut-free reduction triple $(K', f_{\mathrm{root}}, f_{\mathrm{taut}})$ for K, and hence
by Proposition 75 a nonzero-cut-free reduction triple for F.

Now suppose that the nonzero cut is a gate of F, and that F is the kingdom of that cut. Then we
may write F as

$$F_1,\ \alpha[a].t \bowtie s : (\forall x.A \mid \exists x.A),\ F_2$$

where $F_1, \alpha[a].t : A$ and $F_2, s : A$ are also semi-nets, with gates $\alpha[a].t$ and $s$ respectively. We proceed by
case analysis on the structure of $s$.

If $s = (\epsilon[M].s')$, there is a reduction triple between F and

$$E = F_1[a := M],\ t[a := M] \bowtie s' : (A[x := M] \mid A[x := M]),\ F_2$$

which has measure less than that of F. By the induction hypothesis, there is a reduction triple
$(E', g_{\mathrm{root}}, g_{\mathrm{taut}})$ for E. By composition, there is a reduction triple between F and E'.

Finally, suppose that $s$ has the form $\epsilon[M_1].s_1 + \cdots + \epsilon[M_n].s_n$. Since the relation $\ll$ is a partial
order on the nodes of F, there must be a $\ll$-minimal $\epsilon[M_i].s_i$ among the components of $s$, such that
$s = \epsilon[M_i].s_i + s'$. There is a reduction triple between F and $E = E', \alpha[a_0].t_0 \bowtie_Y \epsilon[M_i].s_i, \alpha[a_1].t_1 \bowtie_X s'$.

Consider now the kingdom $K = k(X)$ of the cut X in E. Since we picked $\epsilon[M_i].s_i$ to be $\ll$-minimal
among the components of $s$, it does not appear in $k(s')$, and thus does not appear in K. Since $\epsilon[M_i].s_i$
is not a member of K, neither is the cut Y. K is, therefore, an ACC forest of lower measure than F (it
contains a single cut of nonzero rank, with the same rank but lower width than that appearing in F)
and thus there is a reduction triple $(K', h_{\mathrm{root}}, h_{\mathrm{taut}})$ for K. We may substitute K' for K in E, yielding
an ACC forest $E[K'/K]$ and functions $h_{\mathrm{root}}$ and $h_{\mathrm{taut}}$ forming a reduction-triple for E. The ACC forest
$E[K'/K]$ now contains a single nonzero cut of width 1: since $\epsilon[M_i].s_i$ was not in K, the width of this cut
in $E[K'/K]$ is the same as that in E. $E[K'/K]$ is thus subject to the induction hypothesis, which yields
a triple $(F', h_{\mathrm{root}}, h_{\mathrm{taut}})$ for $E[K'/K]$. We may now compose these three reduction triples to obtain the
required reduction triple for F. □

As a corollary to the principal lemma, we obtain partial cut-elimination. 

Theorem 81 (Partial cut-elimination). Let F be an Herbrand net. There is a net F' , containing only 
cuts of rank zero, with the same conclusion as F . 

Proof. By induction on the number of nonzero cuts in an ACC forest F. If there are none, we are done.
Now suppose we may remove the nonzero cuts from an ACC forest containing $n - 1$ nonzero cuts, and
let F contain $n$ nonzero cuts. Let X be a $\ll$-maximal nonzero cut in F, and consider $K = k(X)$, its
kingdom. By the previous lemma, there is a nonzero-cut-free reduction triple $(K', f_{\mathrm{root}}, f_{\mathrm{taut}})$ for K. The
ACC forest $F[K'/K]$ has the same type as F, but has $n - 1$ nonzero cuts; we may apply the induction
hypothesis to obtain our nonzero-cut-free net. □

7.4 From Partial to Full cut-elimination 

Usually, when one performs partial cut-elimination, it is because the remaining cuts cannot be eliminated. 
Here this is not the case: the cuts of rank zero may very easily be eliminated, but in a way that interferes 
with the notion of reduction triple. The reader might suspect that here we find a source of nondeterminism 
in the reductions: a term $S : P$ where $S$ has cardinality $n$ greater than one, represents an $(n - 1)$-fold
contraction, and so, since we may form cuts $S \bowtie T$, one might expect to have to make duplications, and
to have to choose a direction in which the cut should be reduced.
In fact, we can avoid such issues, owing to the following lemma:

Lemma 82. Let $F = G, (S) \bowtie (T) : P \bowtie P$ be an Herbrand net, with G cut-free: then $S$ and $T$ are
disjoint singleton sets.

Proof. By the definition of correctness: alternatively, observe that as F is an Herbrand net it must be
the conclusion of an $\mathrm{LK}_H$ derivation containing one cut, and thus two branches. □

Such cuts are easy to eliminate:

Lemma 83. Let $F, (i) \bowtie (j)$ be an Herbrand net. Then $F[i \leftarrow j]$ is an ACC forest.

Proof. By induction on the height of a proof of $F, (i) \bowtie (j)$ in $\mathrm{LK}_H$. Since the proof contains a cut, it
cannot have height 1 - the minimal height is 2, with the proof having the form

$$
\dfrac{(i) : P_1, \ldots, (i) : P_n, (i) : P \qquad (j) : Q_1, \ldots, (j) : Q_m, (j) : P}{(i) : P_1, \ldots, (i) : P_n, (j) : Q_1, \ldots, (j) : Q_m, (i) \bowtie (j) : (P \mid P)}\ \mathrm{Cut}
$$

It follows that $\bigvee P_i \vee \bigvee Q_i$ is a tautology, and so

$$(i) : P_1, \ldots, (i) : P_n, (i) : Q_1, \ldots, (i) : Q_m$$

is the conclusion of a tautology rule. The remainder of the proof is a simple induction on the height of a
proof, relying on the fact that any other rule in $\mathrm{LK}_H$ can be pushed below a cut of the form $(i) \bowtie (j)$. □

Corollary 84. Let F be an Herbrand net containing only cuts of rank 0. Then there is an Herbrand net
F' of the same type which is cut-free, which can be obtained by applying the transformation

$$\mathrm{Prop} : F, (i) \bowtie (j) \rightsquigarrow F[i := j]$$

Proof. By induction on the number of cuts in F. Suppose that we may remove $n - 1$ cuts of zero rank
from a net. Then if F contains $n$ cuts, it in particular contains one cut of the form $\{i\} \bowtie \{j\}$, which
may be removed by the above lemma. The remaining proof contains $n - 1$ cuts and so falls under the
induction hypothesis. □

This is enough to give us cut-elimination, via the transformations in Figure 6.

Theorem 85 (Weak Normalization for Herbrand nets). Let F be an Herbrand net with type $\Gamma$. By
applying rules from Figure 6 we may produce an Herbrand net F' which is cut-free.

$$
\begin{aligned}
\mathrm{Prop} &: F, (i) \bowtie (j) \rightsquigarrow F[i := j]\\
\mathrm{Comm} &: F, \alpha[a].t \bowtie (\epsilon[M].s) \rightsquigarrow F[a := M],\ t[a := M] \bowtie s\\
\mathrm{Dup} &: F, \alpha[x].t \bowtie (s_0 + s_1) \rightsquigarrow D_x(F),\ \alpha[x_0].\tau_0(t) \bowtie s_0,\ \alpha[x_1].\tau_1(t) \bowtie s_1
\end{aligned}
$$

Figure 6: Minimal reduction on Herbrand nets
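
The Comm and Prop steps of Figure 6 are purely syntactic, so they can be run on a small term encoding. The Python below is an added illustration, not code from the paper; the tuple encoding, the function names and the sample forest are assumptions of the example, and neither types nor the correctness criterion are checked.

```python
# Added illustration: the Comm and Prop steps of Figure 6 on an untyped encoding.
# The encoding and every function name are assumptions of this example.
#   Witness terms: ("var", name) | ("fn", name, (arg, ...))
#   Net terms:     ("leaf", frozenset({i, ...}))   set of tautology indices
#                  ("all", a, t)                   alpha[a].t
#                  ("ex", M, s)                    a witness epsilon[M].s
#                  ("sum", (w1, ..., wn))          an expansion (w1 + ... + wn)
#                  ("cut", t, s)                   a cut between t and s
# A forest is a list of roots. Dup is not implemented: it needs the kingdom.

def subst_fo(term, a, M):
    """Replace the variable a by the term M inside a first-order witness term."""
    if term[0] == "var":
        return M if term[1] == a else term
    return ("fn", term[1], tuple(subst_fo(x, a, M) for x in term[2]))

def map_net(t, on_leaf, on_witness):
    """Rebuild a net term, mapping index sets and witness terms."""
    kind = t[0]
    if kind == "leaf":
        return ("leaf", on_leaf(t[1]))
    if kind == "all":
        return ("all", t[1], map_net(t[2], on_leaf, on_witness))
    if kind == "ex":
        return ("ex", on_witness(t[1]), map_net(t[2], on_leaf, on_witness))
    if kind == "sum":
        return ("sum", tuple(map_net(w, on_leaf, on_witness) for w in t[1]))
    return ("cut", map_net(t[1], on_leaf, on_witness),
            map_net(t[2], on_leaf, on_witness))

def subst(t, a, M):
    """t[a := M]; strictness gives a a single binder, so no capture check."""
    return map_net(t, lambda S: S, lambda N: subst_fo(N, a, M))

def rename(t, i, j):
    """t[i := j] on tautology indices."""
    return map_net(t, lambda S: frozenset(j if k == i else k for k in S),
                   lambda N: N)

def is_comm_redex(r):
    return (r[0] == "cut" and r[1][0] == "all"
            and r[2][0] == "sum" and len(r[2][1]) == 1)

def is_prop_redex(r):
    return r[0] == "cut" and all(x[0] == "leaf" and len(x[1]) == 1 for x in r[1:])

def comm(forest, k):
    """Comm: F, alpha[a].t cut (eps[M].s)  ->  F[a := M], t[a := M] cut s."""
    _, (_, a, t), (_, ((_, M, s),)) = forest[k]
    rest = [subst(r, a, M) for n, r in enumerate(forest) if n != k]
    return rest + [("cut", subst(t, a, M), s)]

def prop(forest, k):
    """Prop: F, (i) cut (j)  ->  F[i := j]."""
    (i,), (j,) = forest[k][1][1], forest[k][2][1]
    return [rename(r, i, j) for n, r in enumerate(forest) if n != k]

def reduce_comm_prop(forest):
    """Apply Comm while possible, then Prop; cuts that need Dup are left alone."""
    while True:
        comm_ks = [k for k, r in enumerate(forest) if is_comm_redex(r)]
        prop_ks = [k for k, r in enumerate(forest) if is_prop_redex(r)]
        if comm_ks:
            forest = comm(forest, comm_ks[0])
        elif prop_ks:
            forest = prop(forest, prop_ks[0])
        else:
            return forest

def show(term):
    if term[0] == "var" or not term[2]:
        return term[1]
    return term[1] + "(" + ",".join(show(x) for x in term[2]) + ")"

def witnesses(t):
    """Witness terms occurring in a net term, printed, left to right."""
    if t[0] == "leaf":
        return []
    if t[0] == "ex":
        return [show(t[1])] + witnesses(t[2])
    if t[0] == "all":
        return witnesses(t[2])
    children = t[1] if t[0] == "sum" else t[1:]
    return [w for c in children for w in witnesses(c)]

ZERO = ("fn", "0", ())
S0 = ("fn", "s", (ZERO,))
# Constructed sample: a conclusion whose witness is the eigenvariable a, cut
# against a proof that supplies the concrete witness s(0).
EXAMPLE = [
    ("sum", (("ex", ("var", "a"), ("leaf", frozenset({1}))),)),
    ("cut", ("all", "a", ("leaf", frozenset({1}))),
            ("sum", (("ex", S0, ("leaf", frozenset({2}))),))),
]
```

Running `reduce_comm_prop(EXAMPLE)` performs one Comm step, which pushes s(0) into the conclusion's witness, and one Prop step, which merges the two tautology indices.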



8 Minimal reduction is not confluent 

Conventional wisdom is that the non-confluence of the sequent calculus is a result of structural rules 
meeting in a cut. In particular, the Weakening-Weakening, or Lafont, example [Sj constructs, given 
arbitrary proofs $\Phi$ and $\Psi$ of a sequent F, a third proof $\Phi * \Psi$ of F which reduces to both $\Phi$ and $\Psi$. A 
Contraction-Contraction cut similarly produces a situation in which we may reduce a cut in two different 
directions - here of course it is difficult, without a good notion of equality on proofs, to say whether 
reduction is nonconfluent. 

At first sight, it might appear that we avoid non-confluence in $\mathrm{LK}_H$ and Herbrand nets: each cut 
reduction rule in Figure 6 has a unique orientation. The only choice we are offered is how to split 
the existential side of a DuP-reduct, but we can remove this difficulty by insisting that we completely 
decompose such cuts in one go. This was, indeed, the original motivation for considering such a system. 

Nevertheless, it emerges that the minimal reduction system on Herbrand nets is nonconfluent: the 
nonconfluence arises between, not within, cuts: that is, the choice we are asked to make is not how to 
reduce one particular cut, but instead which cut we should reduce. 

In the remainder of this section we work over a signature and theory axiomatizing a successor function: 
$\Sigma = (X, \{0, s\}, \{\mathrm{iszero}\})$ with 0 a constant, s a unary function symbol, and iszero a unary relation symbol. 
The universal axiom set T for this theory consists of the single open formula $\neg\mathrm{iszero}(s(x))$ - a successor 
is never zero. The signature is necessary, not to obtain a nonconfluent example, but to exhibit the nature 
of the nonconfluence. We give a proof of a $\Sigma_1$ formula such that, when we eliminate the cuts in two 
different ways, we get two different sets of witnesses to that formula: the sets differ in size, and with the 
help of our signature, also in what terms they contain. 

Our example net is the net from Example 14.41 whose dependency graph is the following: 




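[Figure: dependency graph of the example net. Surviving labels: two cuts $A \bowtie A$ and the conclusion $\exists z.(\neg\mathrm{iszero}(s(z)))$.]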



(The greyed nodes indicate the kingdom K of the node $\alpha[g]$: we will later use this subnet to begin the 
elimination of cuts from this net). This net is a proof, in the system mentioned above, that there is 
a nonzero element. Our interest will be in the result of eliminating the cuts from this proof: which 
witnesses to the theorem do we obtain? 

To see that (86) is an Herbrand net, observe that it is the result of cutting together three cut-free 
Herbrand nets (one could, of course, check the correctness criterion directly). Two are of the form of the 
drinker's formula, but with the addition of a function symbol: 

$(\epsilon[0].\alpha[a].\{1\} + \epsilon[s(a)].\alpha[b].\{1\}) : A$

and 

$(\epsilon[0].\alpha[d].\{3\} + \epsilon[s(d)].\alpha[e].\{3\}) : A$

while the last is the following 



v[gUe[h].{2}) : A, a[hUe[g].{2}) : Vx.By.l, {e[h].{3}) : 3^.(- 



,{z)). 



We leave it as a simple exercise to check that these are Herbrand nets. We will reduce this net in two 
ways, obtaining distinct cut-free nets. 

To begin, we reduce (86) by a DuP-reduction applied to the left-hand cut, which duplicates the 
shaded subnet K, the kingdom of the node $\alpha[g]$. The following net is the result, with the two copies of 
the shaded subnet displayed: 



[Figure: the reduct, with the two copies of the shaded subnet K displayed.]




(From this point on, we will only show jumps where they serve to clarify the situation). The net K 
had, in addition to $\alpha[g]$, one root $\epsilon[g]$, the child of an expansion node outside of K. Notice that, in the 
reduct, both copies of $\epsilon[g]$ are children of that expansion node. Notice also that the node labelled $\{2\}$ 
outside of K becomes $\{2_1, 2_2\}$ after reduction. 

To continue the reduction of this net, we perform four Comm reductions, in which the $\epsilon$ nodes 
transmit their first-order terms to the corresponding $\alpha$ nodes. It does not matter in which order these 
communications take place. Here is the result after two communications: 

[Figure: the net after two Comm reductions.]



And after two more Comms: 



[Figure: the net after four Comm reductions.]
Two applications of the tautology reduction leave a net with only one cut remaining, replacing the three 
tautologies 1, $2_1$ and $2_2$ with a single tautology 4. 

To reduce the remaining cut, we must first apply DuP, duplicating the kingdom of $\alpha[h]$: 

[Figure (87): the net after this DuP-reduction.]
We are here presented with a choice of which cut to reduce: we pick the rightmost, as it will involve 
fewer reduction steps. A Comm reduction leads us to 

[Figure: the net after this Comm reduction.]

where again we must make a duplication; since however, the eigenvariable e appears nowhere else in the 
proof, the elimination of the middle cut has little effect on the remaining proof: the reader may verify 
that, after one duplication, two communications and two tautology reductions, we arrive at the following 
proof: 

[Figure: the proof after elimination of the middle cut.]

We now communicate the term into the eigenvariable $h_1$: 

[Figure: the net after this communication.]

The resulting net is of a rather simple form: one application of DuP, two applications of Comm and two 
applications of Prop result in a cut-free net: intuitively, we substitute both of the terms $0$ and $s0$ for d: 

[Figure: the resulting cut-free net. Surviving labels: tautology nodes $\{3\}$ and the witnesses $\epsilon[s(0)]$ and $\epsilon[s(s(0))]$.]

The result of eliminating the cut is a net comprising three distinct witnesses. 

We now sketch the reduction beginning instead with the right-hand cut. Rather than repeat the steps 
above we summarize the reduction as follows: beginning with (86), we instead duplicate the kingdom of 
$\alpha[h]$. After four Comms and two applications of Prop the resulting net is 

[Figure: the net after four Comm reductions and two Prop reductions.]

After an application of DuP, we arrive at the net 



[Figure: the net after the application of DuP.]

and eliminating the right-hand cut, we obtain 



[Figure: the net after elimination of the right-hand cut.]



The only expansion tree of our net already has three branches, and we have not finished cut-elimination. 
In particular, it remains to evaluate the eigenvariable a, and there are two witnesses with which we can 
evaluate it. Thus the final result of the cut-elimination is a net with four witnesses rather than three: 

[Figure: the final cut-free net, with tautology nodes $\{3\}$ and the four witnesses $\epsilon[0]$, $\epsilon[s(0)]$, $\epsilon[s(s(0))]$ and $\epsilon[s(s(s(0)))]$.]

Hence minimal reduction in Herbrand nets is not confluent. 

9 Other kinds of reduction 

The notion of a kingdom took a lot of effort to define, and is (unfortunately) little known outside the 
community of specialists in linear logic proof nets. In this section we address (and reject) two possible 
alternatives. 

9.1 Copying too little: dependent subforests 

Given an annotated sequent of the form 

$F, \alpha[a].t \bowtie s_1 + s_2 : A \bowtie A$

if we are to copy the subterm $\alpha[a].t$, to provide two copies to cut against $s_1$ and $s_2$, what is the smallest 
subforest (not necessarily a subnet) we must duplicate in order to still have an annotated sequent? A 
little thought suggests the dependent subforest, consisting of all the subterms $t'$ such that $\alpha[a].t \triangleleft t'$. 
Since subnets are also closed under dependency, we would never copy more than the kingdom, but in 
general we copy much less. In addition, since the tautology jumps play no part in the dependency 
relation, we can simply drop them (being sure to replace the condition on being an Herbrand structure 
with some other tautology checking condition). 

Such a reduction was the subject of study by the author, and independently by Willem Heijltjes (and 
others before us); it is seductively simple and holds the promise of an elegant abstract representation 
of classical proofs, but the system has a fatal flaw: as observed by Heijltjes, by duplicating dependent 
subforests we may reduce the example from the previous section to a forest containing a cut of the 
following shape, where there is a jump "across the cut" : 

$\alpha[a] \bowtie \epsilon[M(a)]$ (88) 

Such a "proof" can, of course, never arise as the annotation of a sequent derivation. This suggests, 
as is indeed the case, that the dependent-subforest duplicating reduction does not preserve the property 
of being an Herbrand net. 

While we rejected this reduction in favour of Minimal reduction, which does preserve the property, 
Heijltjes opts instead to treat such redices as appear in (88) as "garbage", and adds an extra garbage 
collection reduction to remove them. Since the structure at tautology nodes is not needed for dependent 
subforest duplication, Heijltjes's "Proof Forests" can be derived from our annotated sequents by forgetting 
the structure at the leaves. His correctness criterion is such that (the forgetful projection of) any 
Herbrand structure is a correct Proof Forest. Moreover, his weakly normalizing reduction seems to yield 
the same results as ours, since it always reduces an $\ll$-topmost cut (where the kingdom and dependent 
subforest coincide). Nonetheless, there are correct Proof Forests containing no "garbage" redices and yet 
corresponding to no sequent-derivation. 

In the way they behave and are handled, Heijltjes's forests are rather similar to Lamarche and 
Strassburger's proof nets for propositional classical logic [TJ]. We consider them an interesting parallel 
strand of research to our own. 
9.2 Copying too much: empires 

As mentioned above, the very natural concept of kingdom is little-mentioned in the proof-net literature. 
The concept of empire, by contrast, appears in almost all introductions to the theory of proof nets for 
$\mathrm{MLL}^-$, and played a central role in their development. Moreover, the empire of a node is easy to 
calculate; for $\mathrm{MLL}^-$ nets, for example, it can be calculated in time linear in the size of the net. 

It is natural to ask, therefore, if this more familiar notion can be the basis of a cut-elimination for 
Herbrand nets. The following counterexample shows this is not possible. Let the underlying theory be 
as for the strong normalization counterexample, and let $B = \exists z.(\neg\mathrm{iszero}(z))$. In the following net, the 
shaded subnet is the copyable part of the empire of $\alpha[g]$: the largest subnet of the empire of $\alpha[g]$ whose 
roots, other than $\alpha[g]$, are all cuts or naked witnesses. 



[Figure (89): the net in question, with the copyable part of the empire of $\alpha[g]$ shaded. Surviving labels: tautology nodes $\{1\}$, $\{1\}$ and $\{2\}$, the witnesses $\epsilon[s(s(0))]$ and $\epsilon[s(0)]$, and the cut $B \bowtie B$.]

The reader can verify that, if this subnet is copied in the obvious way, and the resulting Comm/Prop 
redices reduced, the resulting net contains (89) as a subnet, and indeed, it is not hard to prove that this 
net has no finite sequence of reductions, ending in a cut-free net, if we replace the minimal Duplication 
with the duplication of the (copyable part of) the empire. 

10 Conclusions and further work 

We have shown, in this paper, a system of proof nets for classical first-order logic in prenex normal form, 
derived from Herbrand's theorem. The system has the minimal set of properties one might expect of 
a proof system for classical logic: like Gentzen's LK it has weakly normalizing cut-elimination. We 
hope, of course, for more. Surprisingly, given the polarization of connectives (and thus the avoidance 
of the contraction-contraction and weakening-weakening problems detailed in [9]), cut-reduction in this 
system is nonconfluent (a counterexample for Heijltjes' system, also applicable to our system, was given 
in [TT]). We seek, therefore, confluent subsystems. We conjecture, but as yet have no proof, that minimal 
reduction is strongly normalizing. 

Similar structures to our annotated sequents arise as strategies in Coquand's game theoretical treatment 
of classical arithmetic HI. Coquand gives a way to play a strategy containing cuts, which amounts to a 
non-associative composition on proofs, and it would be interesting to compare this with the nonconfluent 
properties of Herbrand nets. 

We look also to extend our system beyond prenex normal form, first to encompass a treatment of the 
propositional connectives. The paper [17] gives a multiplicative treatment of classical proof nets which 
improves on [20] by replacing contraction (binary, defined on all formulae) by expansion (n-ary, defined 
only on positive formulae). Contraction on negative atoms (needed for completeness) is handled by the 
same basic binding structure used here to model quantification. 

Acknowledgements The author thanks Willem Heijltjes for many stimulating and helpful exchanges, 
A Properties of subnets of Herbrand nets 

The proofs contained in the appendix are very minor variations on the proofs of similar properties for 
$\mathrm{MLL}^-$ proof nets, as presented in [1]. They are presented here for the sake of completeness. 

A.1 Existence of kingdom and empire 

Definition 90. Let F be an ACC forest, t a node of F, and $\sigma$ a switching of F. Remove from $F_\sigma$ the 
edge from t to its parent, if it has one. $F(t, \sigma)$ is the connected component of this graph containing t. 

Proposition 91. Let $e = \bigcap_\sigma F(X, \sigma)$, where $\sigma$ ranges over all switchings of F. Let $e(X)$ be the 
intersection of e with the nodes of F. $e(X)$ is a subnet of F, and X is a root of $e(X)$. 
Proof. We must first see that $e(X)$ is a substructure of F - that is, it must be closed under $\triangleleft$. This is 
easy to see when passing from an unswitched node to its unique child. Suppose now that Z is a switched 
node in $e(X)$, and that one of its $\triangleleft$-successors Y is not in $e(X)$. Then there is a switching $\sigma$ such that 
$Z \in F(\sigma, X)$ and $Y \notin F(\sigma, X)$. Thus there is a path p from X to Z in $F_\sigma$, and a path $p'$ from the parent W of 
X to Y, also in $F_\sigma$. By changing the switching $\sigma$ to a switching $\sigma'$, where Z chooses Y and W chooses 
X (if W is switched) and leaving all other switches unchanged, we obtain a cyclic switching graph $F_{\sigma'}$. 
Hence $e(X)$ is a substructure. 

We next observe that $e(X)$ is an ACC forest: let $\sigma$ be a switching of the nodes in $e(X)$, and let 
$\sigma'$ be an extension of that switching to F. The graph $e(X)_\sigma$ is acyclic since $e(X)$ is a substructure of 
F. To see that $e(X)_\sigma$ is connected, observe that it is the restriction of $F(X, \sigma')$, a connected graph, to 
$e = \bigcap_\sigma F(X, \sigma)$. 

Suppose now that X is not a root of $e(X)$. Then there is a Y in $e(X)$ such that Y -i^ X. Choose a 
switching $\sigma_X$ of F such that whenever Z is a switched node with Y < Z < X, we choose a switching W 
for Z such that W is the predecessor of X. 

Because of these choices, the unique path from X to Y in $F_{\sigma_X}$ uses the edge from X to its parent, 
and because of this does not provide a path from X to Y in $F(X, \sigma_X)$. If Y is in $e(X)$, then there is some 
other path from X to Y in $F_{\sigma_X}$, but this contradicts the fact that F is correct (acyclicity of $F_{\sigma_X}$). $\Box$

Proposition 92. The subnet $e(X)$ is the largest subnet of F having X as a root. 

Proof. Suppose otherwise. Let G be a substructure of F, with X as a root, which is larger than $e(X)$. 
Then there is a node Z of G, and a switching $\sigma$, such that $Z \notin F(\sigma, X)$. But then there is no path from 
X to Z in $G_\sigma$, and so G is not an ACC forest. $\Box$

The following technical lemma will be crucial: 

Lemma 93. Let F be an Herbrand net, and let s and t be distinct nodes of F, such that $t \in e(s)$. Let 
$s'$ be the parent of s and $t'$ the parent of t. Then 

$s' \in e(t)$ iff $t' \notin k(s')$

Proof. We have that 

$G_1 = e(t) \cap k(s')$, $G_2 = e(t) \cup k(s')$

are nets (since $G_1$ is nonempty). If $s' \in e(t)$, $t' \in k(s')$ then $G_1$ has $s'$ as a root and does not contain $t'$, 
and so is a subnet with $s'$ as a root smaller than $k(s')$ - contradiction. 

Similarly, if $t' \notin e(s)$, $s' \notin k(t')$ then $G_2$ has t as a root and contains $s'$, in contradiction of the 
definition of empire. $\Box$

This allows us to show that the relation $\ll$ is a partial order on the nodes of a structure. 

Lemma 94. Let F be an Herbrand net, and let X, Y be nodes of F such that $X \ll Y$ and $Y \ll X$. 
Then X = Y. 

Proof. Let X be labelled with t and Y with s. Suppose that X and Y are not the same node. We have 
that $k(X) = k(X) \cap k(Y) = k(Y)$, by minimality of the kingdom. 

(a) If X is an $\alpha$ node, or expansion node, then removing X from $k(Y)$ yields a smaller subnet with Y 
as a root, contradicting minimality of $k(Y)$. 

(b) If X is an $\epsilon$ node with child $X'$, then its kingdom is equal to $k(X') \cup \{X\}$, and so $Y \in k(X')$. This 
contradicts the previous lemma, which says that $Y \notin e(X')$. Similarly for $\bowtie$ nodes. 

$\Box$

$e(t)$ and $e(s)$ are clearly disjoint. Suppose that a node $u \in F$ is a member of $e(t)$ but that $u'$, the 
parent of u, is not in $e(t)$. By Lemma 93, $t \bowtie s$ is a member of $k(u')$, contradicting $\ll$-minimality of 
$t \bowtie s$. By connectedness of F, we have that $F = e(t) \cup e(s) \cup \{t \bowtie s\}$. 
A.2 Calculating the kingdom 

We know that the kingdom of a node always exists, but the definition of the kingdom of X as the 
intersection of all subnets having X as a root is unwieldy for calculations. In this section we reconstruct 
arguments from [T] showing that the kingdom of a node may be calculated in time at most quadratic in 
the size (number of nodes) of a net. 

We will work on the dependency graph of a net. We first see how to calculate the empire of a node: 

Lemma 95. Let F be an ACC forest and X a node of F. The graph e, defined above, is the smallest 
subgraph E of Dep(F) of F closed under the following: 

(a) $X \in E$

(b) (Dependency) If a node X is in E then all vertices Y with X -^Y or Xr\Y are in E. 

(c) An unswitched node t of F is in E if and only if there is a $\triangleleft$-predecessor s of t also in E. 

(d) An expansion node t of F is in E if and only if all its $\triangleleft$-predecessors are in E. 

Proof. We have already seen that e is closed under dependency: it is easy to deduce that e is also closed 
under items (c) and (d), and thus $E \subseteq e$. 

To see that $e \subseteq E$, we construct a switching $\sigma$ for F such that $E = F(\sigma, X)$. Choose the switching $\sigma$ 
(the principal switching for X) such that, whenever a switched node Y has a choice of switching Z 
which is not in E, we pick that switching. 

It follows from the properties of E that each root of E is either t, a root of F or an expansion node 
X one of whose children is not in E. Now suppose that a node W is in e but not in E. Since $F(\sigma, X)$ is 
connected and E is closed under dependency, the path connecting X and W in $F_\sigma$ must exit E at one 
of its roots. But this is impossible by the choice of a principal switching. Thus $e \subseteq E$. $\Box$

Corollary 96. The empire $e(X)$ of a node X of an ACC forest may be calculated in a number of steps 
linear in the number of nodes in F. 

We may now use Lemma 93 to give an alternative characterization of the kingdom $k(X)$ of a node: 

Lemma 97. Let K be the smallest subset of vertices of Dep(F) containing X and closed as follows 

(a) K is closed under dependency. 

(b) If Z is a successor of $Y \in K$, and $Y, Z \neq X$, then $Z \in k(X)$ if and only if $X \notin E$. 

The non-tautology vertices of K are precisely the nodes of $k(X)$. 

Corollary 98. The kingdom $k(X)$ of a node X may be calculated in time quadratic in the number of 
nodes of F. 